General
-
Target
fbf52394727eee33e0e5473f5692d191_JaffaCakes118
-
Size
49KB
-
Sample
240420-fekvgagh32
-
MD5
fbf52394727eee33e0e5473f5692d191
-
SHA1
07cb182a92a39e0ac21cd78f61298c93bfb8b2fe
-
SHA256
9666f25a43d268d6ae9a0958703618004b0f6e2dd326042183528c7917b14fc6
-
SHA512
9a1cbb5ca12f55114777ad99c7601c3c600445543be95fb5f0c5984f84f0bcdf42de849e95cf5ef619631effb929fb64b3c2900d00f0075385c84b6248de9553
-
SSDEEP
768:IY7+17bUw2C3kEcqNreHBKh0p29SgRX3/Xth9rk2XPg:IYk7bq7sKKhG29jX3H22fg
Behavioral task
behavioral1
Sample
fbf52394727eee33e0e5473f5692d191_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
fbf52394727eee33e0e5473f5692d191_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.6.4
HacKed
yasersys.no-ip.org:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Target
fbf52394727eee33e0e5473f5692d191_JaffaCakes118
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
  Windows Service (1)
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
  Windows Service (1)
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)