BlackBerry ThreatVector Blog

BlackBerry Prevents: Jennlog Loader

A malicious loader named Jennlog has recently been used by an Iranian threat actor called Agrius in a ransomware attack against a university in Israel. The malware is a .NET assembly, designed to target Windows® machines.

The loader hides its payload as a resource that initially appears to be a log file. Instead, it contains both the malicious payload (in this case, Orcus RAT) and the malware’s execution configuration. As an anti-analysis method, this loader checks for the presence of virtual machines (VMs) and sandboxes before unpacking its malicious payload, as this might indicate that it is being run on a researcher’s machine. 
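As an added example (not BlackBerry's code and not taken from the Jennlog sample), here is a triage heuristic a defender can run over a suspicious file or extracted resource: it counts the leading timestamped log lines, checks whether a structurally valid PE header (an `MZ` whose `e_lfanew` points at `PE\0\0`) sits behind them, and measures the entropy of whatever follows the log text. The log lines and the "packed executable" are constructed stand-ins.

```python
import math
import random
import re
import struct

# A genuine log line opens with a timestamp; a decoy resource copies that look.
LOG_LINE = re.compile(rb"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, packed or encrypted payloads near 8."""
    n = len(data) or 1
    return float(-sum(p * math.log2(p) for p in (data.count(b) / n for b in set(data))))

def find_embedded_pe(blob: bytes) -> int:
    """Offset of the first 'MZ' whose e_lfanew field points at a 'PE\\0\\0' signature, else -1."""
    off = blob.find(b"MZ")
    while off != -1:
        if off + 0x40 <= len(blob):  # need the full DOS header to read e_lfanew
            e_lfanew = struct.unpack_from("<I", blob, off + 0x3C)[0]
            if blob[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0":
                return off
        off = blob.find(b"MZ", off + 1)
    return -1

def triage_log_resource(blob: bytes) -> dict:
    """Flag data that opens like a log but carries a PE or a high-entropy blob after the log lines."""
    log_like, pos = 0, 0
    for line in blob.split(b"\n"):  # walk the leading log-like lines and note where they stop
        if not LOG_LINE.match(line):
            break
        log_like, pos = log_like + 1, pos + len(line) + 1
    tail = blob[pos:]
    pe_off = find_embedded_pe(blob)
    entropy = shannon_entropy(tail)
    suspicious = log_like >= 3 and (pe_off != -1 or (len(tail) >= 256 and entropy > 7.0))
    return {"log_like_lines": log_like, "pe_offset": pe_off, "tail_entropy": round(entropy, 2), "suspicious": bool(suspicious)}

# Constructed samples (not real Jennlog data): a log-like header, then a fake packed PE.
LOG_HEAD = b"".join(b"2021-10-%02d 09:15:%02d INFO service heartbeat ok\n" % (d, d) for d in range(1, 9))

def fake_pe_stub(payload_len: int = 4096) -> bytes:
    """Stand-in for a packed executable: DOS header, PE signature, seeded random body."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)  # e_lfanew -> PE signature right after the header
    rng = random.Random(7)
    return bytes(hdr) + b"PE\0\0" + bytes(rng.getrandbits(8) for _ in range(payload_len))

MALICIOUS_SAMPLE = LOG_HEAD + fake_pe_stub()
BENIGN_SAMPLE = LOG_HEAD * 3
```

The entropy threshold and the minimum of three log lines are tuning choices, not values from the Jennlog analysis; a resource that is all log text and nothing else scores as benign.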

To see how BlackBerry prevents Jennlog attacks from occurring, check out the following video.

DEMO VIDEO: BlackBerry vs. Jennlog Loader 

Learn more about Jennlog in our deep-dive blog post, Threat Thursday: Jennlog Loader.

BlackBerry Cyber Suite and BlackBerry Guard stop these attacks. 

BlackBerry customers can feel confident that our AI-driven BlackBerry® Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, and our Zero Trust Network Access solution BlackBerry® Gateway, are all well-equipped to mitigate the risks posed by threat actors:  

  • BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement.  
  • BlackBerry® Optics extends threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.
  • BlackBerry® Gateway provides Zero Trust network access to reduce risk by protecting traffic through the perimeter and performing encrypted packet analysis. BlackBerry Gateway creates a network that is identity-aware per user, with continuous authorization to thwart zero-day attacks. 
  • The BlackBerry® Mobile Threat Defense (MTD) solution prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® Unified Endpoint Manager (UEM) with advanced AI-driven threat protection, to get in front of malicious cyberattacks in a Zero Trust environment.  
  • BlackBerry® Persona creates trust based on behavior analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication.  
  • BlackBerry Guard customers are proactively protected from Jennlog Loader attacks. Our 24/7 MDR solution customers receive:   
    • Alerts monitored in real time   
    • Corrective policies applied while discovering gaps in policy implementation   
    • Prioritized threat hunting   
    • The latest threat intelligence for fast-moving threats   

Prevention First  

At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.

By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.  

BlackBerry Assistance  

The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.  

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.  

Video Transcription

“In this video, we are going to analyze Jennlog, a malicious loader that hides its payload as a resource that initially appears to be a log file but in reality, contains a malicious payload; in this case it is Orcus RAT and the malware configuration.

For this demonstration, we have configured our machine in Audit-Only mode.

Upon execution, there's not a lot to see for the victim, who is presented with a message where Orcus RAT portrays itself as a legitimate remote access utility – however, that is far from reality.

If we conduct a root-cause analysis with BlackBerry Optics, we can see how this threat fingerprints the victim’s system and gathers information in terms of the victim’s video controller, CPU and system BIOS information, as well as trying to establish a connection with its command-and-control server (C2).

Now, let's see how the BlackBerry Temporal Predictive Advantage could identify this threat; not only the sample we have analyzed, but also another variant that loads the Apostle ransomware, which was used recently by an Iranian threat actor against targets in Israel.

As you can see, our Cylance® AI math models from six years ago (with no updates or connection to the Internet) are able to identify the malicious features of these files, providing real-time prevention in milliseconds.

Prevention is possible, with BlackBerry.”

The BlackBerry Research & Intelligence Team

About The BlackBerry Research & Intelligence Team

The BlackBerry Research & Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.