General
-
Target
fb72f0591e5f80de93a65963c595ba36_JaffaCakes118
-
Size
509KB
-
Sample
240419-3xrgasbf6y
-
MD5
fb72f0591e5f80de93a65963c595ba36
-
SHA1
e5ec5663d0d82c21d87651b8484ffd023dfde090
-
SHA256
dea61f818fc8d46e9e08f10e077680c46b55eed4ac519fe8223370a63dc17b8c
-
SHA512
73c7a9421e591bedbf2a8e83039014aec59a8c1ccf111db1aa9977a4c6c1b687a40b9d96261ff5471ab92e82c7092436720e3228f882927b54bbdc5c545681c8
-
SSDEEP
12288:b18VfZlx7rrW4GrPKmVzlDDABu6AKVeLv7P8Tgkalm+btGMvVyeTEk9GmLMwJC5J:CWhXvMhE6
Static task
static1
Behavioral task
behavioral1
Sample
fb72f0591e5f80de93a65963c595ba36_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
fb72f0591e5f80de93a65963c595ba36_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
HacKed
doza122.con-ip.com:5552
68a4a42151e9c45f922a140954d9441d
-
reg_key
68a4a42151e9c45f922a140954d9441d
-
splitter
|'|'|
Targets
-
-
Target
fb72f0591e5f80de93a65963c595ba36_JaffaCakes118
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)