General
-
Target
2735603595461beb3a3aad862b5f29dd_JaffaCakes118
-
Size
23KB
-
Sample
240508-3fjp5ade3v
-
MD5
2735603595461beb3a3aad862b5f29dd
-
SHA1
16732384fed57d8833bbff49bf82a79e6d69a820
-
SHA256
cd55badf449d1d701c631d75846ac6928c285397223da050912190aa6d642619
-
SHA512
d4c3b45f15391398b377b6051ae2916c2a84018e1c08d7ff5bccc94bec828db8c690d5789cf06883e9a81d8db6c9c79466c609f684b5500f76710ea7ac837aba
-
SSDEEP
384:ozc6ze6e1PAhJVzC3tC1im/BsTx465gZ0rap9HBmRvR6JZlbw8hqIusZzZPO:o5e9EJLN/ERpcnuZ
Behavioral task
behavioral1
Sample
2735603595461beb3a3aad862b5f29dd_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2735603595461beb3a3aad862b5f29dd_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7d
Lammer
windowsuport.duckdns.org:1177
b025b1b10bc4e43a3ce4c8c9561b9557
-
reg_key
b025b1b10bc4e43a3ce4c8c9561b9557
-
splitter
|'|'|
Targets
-
-
Target
2735603595461beb3a3aad862b5f29dd_JaffaCakes118
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Privilege Escalation
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1