General
-
Target
fece8fc8d0c5585ed10ab38fd8cb0cfb_JaffaCakes118
-
Size
166KB
-
Sample
240421-jrgkcsee28
-
MD5
fece8fc8d0c5585ed10ab38fd8cb0cfb
-
SHA1
af83e889efb68fff718ec43c77a00ec50792c29b
-
SHA256
3a0760b22a4c41c167a22a2fe172788be21016fb7f4cca680191e5c8369456d4
-
SHA512
e7115c77946d4b63a1ab15a7b18f105e3765ae57d7caef36bd2b2050f5c054e35a13ec4c2a68df0236122a92f7cdc1474ad52e2a9385fd1019b3de443c4aa21d
-
SSDEEP
3072:NXskhzns5regbY1NElmWZNH2j5DlMDYOs5amxUPGSr:NXskTkregbPlmWLa3MvsgmieS
Static task
static1
Behavioral task
behavioral1
Sample
fece8fc8d0c5585ed10ab38fd8cb0cfb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fece8fc8d0c5585ed10ab38fd8cb0cfb_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
im523
4
rlawlsl154.codns.com:443
a695e871b7f2f081334e678e67df6a28
-
reg_key
a695e871b7f2f081334e678e67df6a28
-
splitter
|'|'|
Targets
-
-
Target
fece8fc8d0c5585ed10ab38fd8cb0cfb_JaffaCakes118
-
Size
166KB
-
MD5
fece8fc8d0c5585ed10ab38fd8cb0cfb
-
SHA1
af83e889efb68fff718ec43c77a00ec50792c29b
-
SHA256
3a0760b22a4c41c167a22a2fe172788be21016fb7f4cca680191e5c8369456d4
-
SHA512
e7115c77946d4b63a1ab15a7b18f105e3765ae57d7caef36bd2b2050f5c054e35a13ec4c2a68df0236122a92f7cdc1474ad52e2a9385fd1019b3de443c4aa21d
-
SSDEEP
3072:NXskhzns5regbY1NElmWZNH2j5DlMDYOs5amxUPGSr:NXskTkregbPlmWLa3MvsgmieS
Score10/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1