General
Target: 001d7f9cd421aa46b8b3ebd4221d2fb8_JaffaCakes118
Size: 47KB
Sample: 240425-1cmw9sfc2w
MD5: 001d7f9cd421aa46b8b3ebd4221d2fb8
SHA1: 231fbe11de3818e88bd4094f33a03c123af21c17
SHA256: 64eca53d8c1a39bcb0a5fb1a3c217e99ac83843602158e327811b1dcbe0b0f5b
SHA512: 28f94acd96646140414e8a1920e613339273f785337f77475545a9825ecaa9f730400f4b406a025c67f863f4057550db1324b587002d8edd0bec065ab34ed8a8
SSDEEP: 768:czdGdkrK6PKO42rM+rMRa8NuoBNtH86c5Q:czdGym6Chp+gRJNdX86mQ
Behavioral task: behavioral1
Sample: 001d7f9cd421aa46b8b3ebd4221d2fb8_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 001d7f9cd421aa46b8b3ebd4221d2fb8_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
njrat
im523
winrar
178.44.248.36:7777
1914b4fbb4ae6694e81f050d266ec890
reg_key: 1914b4fbb4ae6694e81f050d266ec890
splitter: |'|'|
Targets
Target: 001d7f9cd421aa46b8b3ebd4221d2fb8_JaffaCakes118
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1