General
-
Target
ecdc2ba523b0f7f199919345f3348da9_JaffaCakes118
-
Size
402KB
-
Sample
240411-h1vmxahe2s
-
MD5
ecdc2ba523b0f7f199919345f3348da9
-
SHA1
0518de9e4ab46db5083f29991f26592137ee31b2
-
SHA256
7ba589a2a323254002604cbd0f9739dd7cbca770ae59c76a31ad08e82a54932c
-
SHA512
4c61bdefba23f8fcb1afdd70b1966ad18753bb92c00108a3b22c18eb2a88f0718ed1759aaed3ecafad883530ba8a6885f46c7ae121fcbdd829b83b0a9c77788f
-
SSDEEP
6144:kmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDg3:NSmLAuEY71fviagATFmebVQDcYcT
Behavioral task
behavioral1
Sample
ecdc2ba523b0f7f199919345f3348da9_JaffaCakes118.exe
Resource
win7-20240319-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
ecdc2ba523b0f7f199919345f3348da9_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)