General
Target: 471f44b8dda9fc7d870fd9c3b0ca9e9e_JaffaCakes118
Size: 1.1MB
Sample: 240515-vffdpsae9v
MD5: 471f44b8dda9fc7d870fd9c3b0ca9e9e
SHA1: 468f47c964cb5b5f55b5815ca59933267da4dd7a
SHA256: 087ab14dccf27b8defe6fd4b00e60d602b42dc9bcc92d4b71eaa71d34bb146a8
SHA512: 3b70b76a6072b312821ae264cc77bb00ff9df08d5106339ae6fce52f416514cbd550560fd394eea0c325e821285878f1db6c414c1c936701f0aa50fd72caa6f4
SSDEEP: 24576:25CUuHFZER78cA3Mp2Gc/tcTG6cYKY54I66WierjjALnDj:0eHFZM7tAG2GcliG4KYR66Wi0j0Dj
Static task: static1
Behavioral task: behavioral1
Sample: 471f44b8dda9fc7d870fd9c3b0ca9e9e_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 471f44b8dda9fc7d870fd9c3b0ca9e9e_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: njrat
im523
HacKer
91.232.111.212:7777
4a3d67ee61b43118e4130164dec374f7
reg_key: 4a3d67ee61b43118e4130164dec374f7
splitter: |'|'|
Targets
Target: 471f44b8dda9fc7d870fd9c3b0ca9e9e_JaffaCakes118
Size: 1.1MB
Score: 10/10
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence: Create or Modify System Process (1), Windows Service (1), Boot or Logon Autostart Execution (1), Registry Run Keys / Startup Folder (1)
Privilege Escalation: Create or Modify System Process (1), Windows Service (1), Boot or Logon Autostart Execution (1), Registry Run Keys / Startup Folder (1)