General
-
Target
017d58616ffe5e91e84cd5a10dc6cf5a_JaffaCakes118
-
Size
23KB
-
Sample
240426-x5ngqaae42
-
MD5
017d58616ffe5e91e84cd5a10dc6cf5a
-
SHA1
076df91663f13ad61457060661db5937d451a60c
-
SHA256
c24ea2a4f56ca0eab1080f9979a3e8c57a0c8d4b7872e4eda5bb1e4f147ee7a1
-
SHA512
5ae5ad9459a6a43849297569024b56dd7bb8ce4cafec1e35ed9fe70e9825cb4fc2e86bae624560039286fbb76aa7b2d2c50d0bf34a2239568d0fc4a77db47979
-
SSDEEP
384:oweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZZmRvR6JZlbw8hqIusZzZRW3:vLq4116Rpcnuk4
Behavioral task
behavioral1
Sample
017d58616ffe5e91e84cd5a10dc6cf5a_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
017d58616ffe5e91e84cd5a10dc6cf5a_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
HacKed
bmhha.ddns.net:1604
81070cdd786421ae0d07b0841d9f8467
-
reg_key
81070cdd786421ae0d07b0841d9f8467
-
splitter
|'|'|
Targets
-
-
Target
017d58616ffe5e91e84cd5a10dc6cf5a_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1