General
-
Target
02abaeefe6589e5ccee65d47eba749a7_JaffaCakes118
-
Size
211KB
-
Sample
240427-hp2xvadd52
-
MD5
02abaeefe6589e5ccee65d47eba749a7
-
SHA1
b25cf7475351f1f9b205954d751041329b75d8d9
-
SHA256
c8ddf513dad4e319e738bad058a5ff1432057fab3f34f5402325b9e83909d864
-
SHA512
ebebac6c46754c3f2eb2b67f3cc47bc038ea2e66d88dcbae047d15424d4cd344022a8337a102c0bc22c5e657e217286a6bcdba146649573ba4d02c964f27457c
-
SSDEEP
1536:keZN1s3o5pMCgNlWnkEU2jKIUhycIIWBjSWD7yayIFbJmLvEVJHrwmO:kuvp5KNlc1jKjycIIWtDlfmLvQLw
Static task
static1
Behavioral task
behavioral1
Sample
02abaeefe6589e5ccee65d47eba749a7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
02abaeefe6589e5ccee65d47eba749a7_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
Last
recreciptor.hopto.org:2255
63951ff13995ee572862321383fecced
-
reg_key
63951ff13995ee572862321383fecced
-
splitter
|'|'|
Targets
-
-
Target
02abaeefe6589e5ccee65d47eba749a7_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Privilege Escalation
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1