General
-
Target
f8fd905c61fcfa50a4068cf86615caec_JaffaCakes118
-
Size
405KB
-
Sample
240418-3g8qmsbb5s
-
MD5
f8fd905c61fcfa50a4068cf86615caec
-
SHA1
428dcf78a8b45b1f58b8af58bda34318002e0bae
-
SHA256
c3b8541902e9c0c71952e3c1474d4e1da1ea8e4faa79eb6c1924290899c38492
-
SHA512
0d58dd4259add62d64c447611ad7fd741540e4e6824516f27fe6af6f1bb2076924e00e610e1db239ce6c5b70b36fceeb9479a97636d499d3917969d415c87981
-
SSDEEP
768:pcF7fb4ITzbxN5aykR8eIo4dYVK4mxZzCARMivsPqbU5d5Hxt0I+Y9FqYEXNhc:pcNfbhxN5613CMivtUBHxeIN9F3EXNG
Static task
static1
Behavioral task
behavioral1
Sample
f8fd905c61fcfa50a4068cf86615caec_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f8fd905c61fcfa50a4068cf86615caec_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
HacKed
sasbab.ddns.net:5552
9a936159a3e9c2a9c23e812afe89cdb2
-
reg_key
9a936159a3e9c2a9c23e812afe89cdb2
-
splitter
|'|'|
Targets
Target
f8fd905c61fcfa50a4068cf86615caec_JaffaCakes118
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)