General
-
Target
fc053cf93174a337d8310c78778cd066_JaffaCakes118
-
Size
402KB
-
Sample
240420-f3hp1sac7z
-
MD5
fc053cf93174a337d8310c78778cd066
-
SHA1
8e35ae70e27e5eee71bfb0744fd9c05d7f6cc0b8
-
SHA256
0e45901ac284cd893e2b4c86bf00251c678a4565d0869bfafbaa369a8d2bd1eb
-
SHA512
75f5b2e587f2cdd8494def7ef99da49695a0a637f997c34e64aefb1008cb3e914f71d3162bf1cca958124239e987403c7807a7f0a185999e8e5258d8a79a9a8a
-
SSDEEP
6144:kmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgI:NSmLAuEY71fviagATFmebVQDcYcs
Behavioral task
behavioral1
Sample
fc053cf93174a337d8310c78778cd066_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
fc053cf93174a337d8310c78778cd066_JaffaCakes118
-
Size
402KB
-
MD5
fc053cf93174a337d8310c78778cd066
-
SHA1
8e35ae70e27e5eee71bfb0744fd9c05d7f6cc0b8
-
SHA256
0e45901ac284cd893e2b4c86bf00251c678a4565d0869bfafbaa369a8d2bd1eb
-
SHA512
75f5b2e587f2cdd8494def7ef99da49695a0a637f997c34e64aefb1008cb3e914f71d3162bf1cca958124239e987403c7807a7f0a185999e8e5258d8a79a9a8a
-
SSDEEP
6144:kmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgI:NSmLAuEY71fviagATFmebVQDcYcs
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1