General
-
Target
f9449e7f5cc50b6523fd70685ecfd8a1_JaffaCakes118
-
Size
144KB
-
Sample
240419-cjf6asdg33
-
MD5
f9449e7f5cc50b6523fd70685ecfd8a1
-
SHA1
6e00de6cbd29a53a328c1527609688d0898fe013
-
SHA256
fb9b1c9791ef27dedb6a0c0904f193d813b91a6de085d05421ba5fa1310e8a00
-
SHA512
a418835509f60814e58e11efb2c48a6f4f10d259ba3e4261d806074cd867404ec8c2101e38bb49283b679b797c7b97dd62cff7c57205f8d6d68301db26887353
-
SSDEEP
3072:1PoTCVcBKNnYWBrYBQUqoo9FeCyHSCEIanS2fOTFj50o1w/X4WK0mwbN:X9FeCyHSCPanSl0g2Pzm
Static task
static1
Behavioral task
behavioral1
Sample
f9449e7f5cc50b6523fd70685ecfd8a1_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f9449e7f5cc50b6523fd70685ecfd8a1_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.6.4
HacKed
allord1994.ddns.net:1177
5b2d8a2a5ef35052f655e43339797018
-
reg_key
5b2d8a2a5ef35052f655e43339797018
-
splitter
|'|'|
Targets
-
-
Target
f9449e7f5cc50b6523fd70685ecfd8a1_JaffaCakes118
-
Size
144KB
-
MD5
f9449e7f5cc50b6523fd70685ecfd8a1
-
SHA1
6e00de6cbd29a53a328c1527609688d0898fe013
-
SHA256
fb9b1c9791ef27dedb6a0c0904f193d813b91a6de085d05421ba5fa1310e8a00
-
SHA512
a418835509f60814e58e11efb2c48a6f4f10d259ba3e4261d806074cd867404ec8c2101e38bb49283b679b797c7b97dd62cff7c57205f8d6d68301db26887353
-
SSDEEP
3072:1PoTCVcBKNnYWBrYBQUqoo9FeCyHSCEIanS2fOTFj50o1w/X4WK0mwbN:X9FeCyHSCPanSl0g2Pzm
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1