General
-
Target
0025d790c45fd64d7c9ef63205e6d0f5_JaffaCakes118
-
Size
23KB
-
Sample
240425-1peresfe84
-
MD5
0025d790c45fd64d7c9ef63205e6d0f5
-
SHA1
b84df5b4a76200ca58689a8872afa2b88c9a9a66
-
SHA256
e1866b1d507587f81f8ebff326bbd99ca07f17f9d150e8c5e0d45c1e86e7fbef
-
SHA512
6a28f9d72a1d7b0f993f710142afeae056defd8e82192813327d117617db6473d80a3aeb27027c84c442e35f8a0fde586259f21c1f27bd69d15b3f9c57416be9
-
SSDEEP
384:hV8aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZ21:hdY+sNKqNHnSdRpcnup
Behavioral task
behavioral1
Sample
0025d790c45fd64d7c9ef63205e6d0f5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0025d790c45fd64d7c9ef63205e6d0f5_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
Microsoft
42.201.169.87:4444
cc0b7e2c9a12a70fbd68ac4b793eab47
-
reg_key
cc0b7e2c9a12a70fbd68ac4b793eab47
-
splitter
|'|'|
Targets
-
-
Target
0025d790c45fd64d7c9ef63205e6d0f5_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1