General
Target: f8acfe1ac407aa78d09488a35935cab9_JaffaCakes118
Size: 145KB
Sample: 240418-y75pfsea37
MD5: f8acfe1ac407aa78d09488a35935cab9
SHA1: 5b6b38442897addf6f5a86a5482b03f706e57fe3
SHA256: 7f2cb3c2cd947ce3ca72a9b883b5770b7f76eeeeb2cb7151657e853d068b07f1
SHA512: d75c1f38f3d9b61a821d6bba6dd207c78fd6e13c6bca3aebebefae4363d0be601d497f686b4f47beb2bbcd48d7f1c9336c62c1fcb61799835734fcc357010ec0
SSDEEP: 1536:+yUPQCVGIXCZQLDchg9SaLcde4Sh9Six91Rfvk6g2Wt0ACbgkc5UrcUgQJsJUJpU:+yUZVG53g9SurSAoT
Static task: static1
Behavioral task: behavioral1
Sample: f8acfe1ac407aa78d09488a35935cab9_JaffaCakes118.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: f8acfe1ac407aa78d09488a35935cab9_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
62c91990ef3b28ae63840fc9e70ab61b
reg_key: 62c91990ef3b28ae63840fc9e70ab61b
splitter: |'|'|
Targets
Target: f8acfe1ac407aa78d09488a35935cab9_JaffaCakes118
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1