General
-
Target
ffe01866101207852dcc491927429a66_JaffaCakes118
-
Size
216KB
-
Sample
240421-ww2gjshb61
-
MD5
ffe01866101207852dcc491927429a66
-
SHA1
5e261a072f450b840683ffdde89a6dcf22af4fa8
-
SHA256
48dceb581254c8f4088b359ac73a22c44dd9bd8143ee4ddd04c0996e9543d184
-
SHA512
a8026d8540ce5d09b81567a394ba0310ac34efe08845f4977be9516faa0aaa8d267e39b38b9a6cafbd4c4c3cb432604c9eeed6d267b3980ebe86d4052acddfa7
-
SSDEEP
3072:VJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLCYP:VJPgv7wJZ87wBjYI1IUwrIOZylP
Behavioral task
behavioral1
Sample
ffe01866101207852dcc491927429a66_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
Hacked
abdo95.ddns.net:1177
ed6e2bf930f6d35b3ac57c049d10ac2c
-
reg_key
ed6e2bf930f6d35b3ac57c049d10ac2c
-
splitter
|'|'|
Targets
-
-
Target
ffe01866101207852dcc491927429a66_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)