General
-
Target
fc8d5338f19d511c0a4459b58e5f7443_JaffaCakes118
-
Size
56KB
-
Sample
240420-mjnkgseh81
-
MD5
fc8d5338f19d511c0a4459b58e5f7443
-
SHA1
85161dc783dd0c62ae9413dc5626ba136cf8f1ad
-
SHA256
5d5ab9ba6dea4c9d49adfff2cb09ae618b494ca21623d5ad73a5d44a0557bf45
-
SHA512
1dbed83089c42afbbcb47f0839643dd668aad59236b59d2aac57147c8f2cff4f61e6a0481f9f6051aaf227563853560dc20f5298acd3674a8c488974d129100b
-
SSDEEP
768:LnDAnq2cxGmfZ1RaeppNs/9W9jK16+DSpseGvzmtRBdo7q8vm:Lknq2UG0Z1RaWNs/Q9k7CsDvgBdo7qd
Static task
static1
Behavioral task
behavioral1
Sample
fc8d5338f19d511c0a4459b58e5f7443_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc8d5338f19d511c0a4459b58e5f7443_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
HacKed
89.34.99.133:1202
fc19433d210e3d2d82d190a84dd3ce6c
-
reg_key
fc19433d210e3d2d82d190a84dd3ce6c
-
splitter
|'|'|
Targets
-
-
Target
fc8d5338f19d511c0a4459b58e5f7443_JaffaCakes118
-
Size
56KB
-
MD5
fc8d5338f19d511c0a4459b58e5f7443
-
SHA1
85161dc783dd0c62ae9413dc5626ba136cf8f1ad
-
SHA256
5d5ab9ba6dea4c9d49adfff2cb09ae618b494ca21623d5ad73a5d44a0557bf45
-
SHA512
1dbed83089c42afbbcb47f0839643dd668aad59236b59d2aac57147c8f2cff4f61e6a0481f9f6051aaf227563853560dc20f5298acd3674a8c488974d129100b
-
SSDEEP
768:LnDAnq2cxGmfZ1RaeppNs/9W9jK16+DSpseGvzmtRBdo7q8vm:Lknq2UG0Z1RaWNs/Q9k7CsDvgBdo7qd
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1