General

  • Target

    1fn45.7no05Ta99NT91.msi

  • Size

    4.8MB

  • Sample

    250712-v7b6cstrt6

  • MD5

    fbf2b87ec7c4d1ae91a8e671bc731931

  • SHA1

    d916539e9c023c3fc8a697182af1956d394d9a78

  • SHA256

    ff074d28f168e23ba94d3223fd6ed3cd87fdd6ec2874338d3c04e28904d41df7

  • SHA512

    1cbe5a0c8a2a0bc3a96980892ee25552b245a10f4780727e275b31d5f09aca5b9e262040290ca7d60b6d8dc01bc4b60155bbcef41eaa19347b77cdf391d6a23f

  • SSDEEP

    98304:JxMvAtKknz5vqu9sRe4frUMXjcYKMnrt5/8zdKL1mInoecTIIcAFkXGdg:JbYu9sRVj6YwdKLgIo3IIcAyXz

Malware Config

Targets

    • Target

      1fn45.7no05Ta99NT91.msi

    • Detect JanelaRAT payload

    • JanelaRAT

      JanelaRAT is a trojan, written in C#, that targets FinTech users in the LATAM region.

    • Janelarat family

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks