General
-
Target
f4c92096d53617c613ae27b5b567e01b_JaffaCakes118
-
Size
1.0MB
-
Sample
240417-caaxxsae52
-
MD5
f4c92096d53617c613ae27b5b567e01b
-
SHA1
0d0ec8e0403716a9daff7d475ee360c6433e3b36
-
SHA256
6364c2d78caedd5950f0e827e3595e38db21e17b5ffd6ecef2c513abf03403fe
-
SHA512
4960404aa688fcc21926b8357bdb1cdbbeb70e49d2e0f5739faf384de56cff0afcc5e948462b99f568b5d25a7bd4556662ea3d6c695a271e031d8241becb757a
-
SSDEEP
3072:1tU5R9DLoDWTCIMSpCZGKY8eW5DRQOcPDH80XCJ3rFzg7fabVKQULzXKcAyorvab:M9YDwfKD0Jxn
Static task
static1
Behavioral task
behavioral1
Sample
f4c92096d53617c613ae27b5b567e01b_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f4c92096d53617c613ae27b5b567e01b_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
279f6960ed84a752570aca7fb2dc1552
-
reg_key
279f6960ed84a752570aca7fb2dc1552
-
splitter
|'|'|
Targets
Target
f4c92096d53617c613ae27b5b567e01b_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1