General
-
Target
6c38259b5ece98e227e7d5cd396fa3d0_JaffaCakes118
-
Size
230KB
-
Sample
240523-znqlvsga2v
-
MD5
6c38259b5ece98e227e7d5cd396fa3d0
-
SHA1
c9a1fd4d5551494daa416bdeeb9117b49c89092f
-
SHA256
407db91b4d0b0fb62de83a36f32641a7dd99517e09bce67794b472a930c760cf
-
SHA512
82212ebcef256a93f7b16af9d0513d9fb3c26825682792e4e35e5bff7a5c8e0e90bd95f5a471aeb55b6df0e39c66b06b7c3f54efe372483d885c4a2d2d02afc6
-
SSDEEP
3072:CNrpg6Z+yJx2Gnilp5YgIQWUn3FFIGOgRd+yuRyZhT:4rpg78niT3F7
Behavioral task
behavioral1
Sample
6c38259b5ece98e227e7d5cd396fa3d0_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6c38259b5ece98e227e7d5cd396fa3d0_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
im523
xuycocu
xatabomsha1470.ddns.net:4646
8b43d0ebdf1194096535a79e32c6e582
-
reg_key
8b43d0ebdf1194096535a79e32c6e582
-
splitter
|'|'|
Targets
-
-
Target
6c38259b5ece98e227e7d5cd396fa3d0_JaffaCakes118
-
Size
230KB
-
MD5
6c38259b5ece98e227e7d5cd396fa3d0
-
SHA1
c9a1fd4d5551494daa416bdeeb9117b49c89092f
-
SHA256
407db91b4d0b0fb62de83a36f32641a7dd99517e09bce67794b472a930c760cf
-
SHA512
82212ebcef256a93f7b16af9d0513d9fb3c26825682792e4e35e5bff7a5c8e0e90bd95f5a471aeb55b6df0e39c66b06b7c3f54efe372483d885c4a2d2d02afc6
-
SSDEEP
3072:CNrpg6Z+yJx2Gnilp5YgIQWUn3FFIGOgRd+yuRyZhT:4rpg78niT3F7
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1