General

  • Target: 22897536073.zip
  • Size: 1.5MB
  • Sample: 250715-2twfeazzcx
  • MD5: 89fdb21d48b3f8c009ed9f9c1e381c91
  • SHA1: f2b80bd67e48f3f590788997f75faf7d005b776b
  • SHA256: 1f1f51761059618f72c4ad782cc8350576852d166c50cafe4a60c69e7188f44f
  • SHA512: 06cf5e85f386e6f99b71e9dc93d550e838cb948e9571ea175e757e4f73b1d699d72508f5a820f98da6a0a58f2a2579b6b3cb5f70449e3e86c5e5b3df8d9b0e21
  • SSDEEP: 24576:9b+IogWJGpQSNn9tUWf4Gpq5s+hxGQ6JI5zVYmvCMd+KA4+Dr5JxxvKOKqjkeMCw:YIgJwQQxNpOxX6JIrPvLliiLrebw

Malware Config

Targets

    • Target: 907cff1b76b2e2e44fa6bb41e6b0502733592fee7c18bb9873b9ae2b88bf941c
    • Size: 1.5MB
    • MD5: 4ad791d3aef14562e74d7e756fccd828
    • SHA1: 39a006a7c7cb7be765ef6a508d28e1f244707f12
    • SHA256: 907cff1b76b2e2e44fa6bb41e6b0502733592fee7c18bb9873b9ae2b88bf941c
    • SHA512: b5f59797e5d21007df17d987200a38ef917250af5cc0be880ac2fcb41911a743d60b2973c200c9252bb23a60e78f14beaf55f68205845a1db63a8a64f2360f08
    • SSDEEP: 49152:YKotURB9xb0mexyBer3rU/eOhPD2ZaWoVYQ:YrURtBWL4/eOsZaWoVP

    • Detect JanelaRAT payload

    • JanelaRAT

      JanelaRAT is a trojan, written in C#, that targets FinTech users in the LATAM region.

    • Janelarat family

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks