General
-
Target
fc239b6abe0a4c07a251e9141812c508_JaffaCakes118
-
Size
247KB
-
Sample
240420-g9g8haaf67
-
MD5
fc239b6abe0a4c07a251e9141812c508
-
SHA1
26334e4e1937a9676e8157a6ce0961368608c523
-
SHA256
de234e51dcdb13d84e36faa5462b9934677015099413a06fb54f0ba4bf8a808b
-
SHA512
2a8ed74e34aaa9651fc997b95ba6d5f11f6236eb74cd462187d81a877706f1fcfc50b8cfdb81a0536cc037ff6835d063c02f7a6fa0e189a0740d6d65e3f03ce8
-
SSDEEP
6144:H1R0sPgL8mJD1fez2gdp1THFHkCz1GBT:H1R0sPgL8AD1eigd7zFHkCz1Gl
Static task
static1
Behavioral task
behavioral1
Sample
fc239b6abe0a4c07a251e9141812c508_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc239b6abe0a4c07a251e9141812c508_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
$$$$$$$$$$$
1999411.no-ip.org:1000
2f0e2ecefb2c62b645bf3055d820f2cf
-
reg_key
2f0e2ecefb2c62b645bf3055d820f2cf
-
splitter
|'|'|
Targets
Target
fc239b6abe0a4c07a251e9141812c508_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)