General
-
Target
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118
-
Size
23KB
-
Sample
240520-mqwjnsge51
-
MD5
5ea52f0824d8cdf4dd40c3e007a1bafa
-
SHA1
d5058b117ce1c2b0d4277a28da403e954b97545c
-
SHA256
4f76232b0a33d19527d88d9c2c5d0134bee65501122a21acb8ae6ec48903e45f
-
SHA512
275f02c636dff7505eb23d7eeddc4e34e364093887224a1040f7c9bfeea5298a2b95869d1146fc32abc141cef723efc1f1c4a48da155e15476176ba44ccb7441
-
SSDEEP
384:OwTSiYWD2Z7w3CsJeiecwJ3fw6FgzeAh33RtmRvR6JZlbw8hqIusZzZ9M:lvZiBK1edJRpcnu9
Behavioral task
behavioral1
Sample
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
VICTIME
vendetta2020.ddns.net:5552
8541e6390ca03a5ae76a86b0f2df0b93
-
reg_key
8541e6390ca03a5ae76a86b0f2df0b93
-
splitter
|'|'|
Targets
-
-
Target
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118
-
Size
23KB
-
MD5
5ea52f0824d8cdf4dd40c3e007a1bafa
-
SHA1
d5058b117ce1c2b0d4277a28da403e954b97545c
-
SHA256
4f76232b0a33d19527d88d9c2c5d0134bee65501122a21acb8ae6ec48903e45f
-
SHA512
275f02c636dff7505eb23d7eeddc4e34e364093887224a1040f7c9bfeea5298a2b95869d1146fc32abc141cef723efc1f1c4a48da155e15476176ba44ccb7441
-
SSDEEP
384:OwTSiYWD2Z7w3CsJeiecwJ3fw6FgzeAh33RtmRvR6JZlbw8hqIusZzZ9M:lvZiBK1edJRpcnu9
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1