General
Target: 669fea569bfb18b3474cd2d89d512043_JaffaCakes118
Size: 1.3MB
Sample: 240522-kahxjahe8y
MD5: 669fea569bfb18b3474cd2d89d512043
SHA1: 77d556e37ddd27a23370c7d2602421b02c76d089
SHA256: 191b4723e1d1ad15ea64a3b68377edb2647f1eda16d88f0817443ec293013350
SHA512: f5a277e260422ea05d311107e03dd536deba067d29ed41bb664145e150128947d18b44e2ac1ca679c5cf1975d95e97ecb13c83f981e3b6a867d12b35e45b1446
SSDEEP: 3072:qNNwCmByk4u5v5c1smXz7eU6IzI19QG16lcsb:qCBykAxX2U6l4GVsb
Static task: static1
Behavioral task: behavioral1
Sample: 669fea569bfb18b3474cd2d89d512043_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 669fea569bfb18b3474cd2d89d512043_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
njrat
0.6.4
تم الاختراق من قبل دكتور الغربية #
Dr187.ddns.net:999
59e66e4fd01ed7a53bb65713760bdb7d
reg_key: 59e66e4fd01ed7a53bb65713760bdb7d
splitter: |'|'|
Targets
Modifies Windows Firewall
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1