General
-
Target
fbfc3b70d6f2781bbff0d6a47856314a_JaffaCakes118
-
Size
281KB
-
Sample
240420-fpf92aaa2y
-
MD5
fbfc3b70d6f2781bbff0d6a47856314a
-
SHA1
3ca4524e76b565ca4e4137c75d580532d90b40d0
-
SHA256
f6894b3c61c194219b9f1f1fd8b9f23081f242d0ce55b88c8e8fb9662f608d84
-
SHA512
fe0c5cad87a3ce3ab99f14da831f5237fe994c67b1875006633c194bd8a7156008adf0e55b83bf92acc98dca12ef6abd3dab98fdf0e49901e34033ffdfa6e152
-
SSDEEP
6144:yDKW1Lgbdl0TBBvjc/lq/5R5VLC6J22UU2h+BrDRSM:Uh1Lk70TnvjctE5tWQUUDFx
Static task
static1
Behavioral task
behavioral1
Sample
fbfc3b70d6f2781bbff0d6a47856314a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fbfc3b70d6f2781bbff0d6a47856314a_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.6.4
Hacker/rampo
127.0.0.1:5552
99f1fff43130b52fb4ab8da313b67d7c
-
reg_key
99f1fff43130b52fb4ab8da313b67d7c
-
splitter
|'|'|
Targets
-
-
Target
fbfc3b70d6f2781bbff0d6a47856314a_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1