General
-
Target
6d2b7843f0e9168704d4c71108cfdc50_JaffaCakes118
-
Size
1.1MB
-
Sample
240524-dvq1babb9y
-
MD5
6d2b7843f0e9168704d4c71108cfdc50
-
SHA1
3fb8ed1bc9eb790af15c1f18486ac5461a44ed71
-
SHA256
f2efdb91127d45b051573b56d5390401a0067eb015f2db95a65563dea235555e
-
SHA512
56622c990c77363bf709cba7684dd484fe96b24aa2f8f68828b494d556bb73d800955fc080a9d6e24d5f4c7f3c39a11d49d2870e1f0869a6912ef36fa67df0b0
-
SSDEEP
24576:NzPMEK/3JXKFN53ZVwK3FOn+rPcgVATn9LH4GkYsBHwEo:BPfWQjfY+bcgVmJQYsBHwR
Static task
static1
Behavioral task
behavioral1
Sample
6d2b7843f0e9168704d4c71108cfdc50_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6d2b7843f0e9168704d4c71108cfdc50_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
coder
81.61.77.92:5553
890f73d3282170b26075ca7917951b6e
-
reg_key
890f73d3282170b26075ca7917951b6e
-
splitter
|'|'|
Targets
-
-
Target
6d2b7843f0e9168704d4c71108cfdc50_JaffaCakes118
-
Size
1.1MB
-
MD5
6d2b7843f0e9168704d4c71108cfdc50
-
SHA1
3fb8ed1bc9eb790af15c1f18486ac5461a44ed71
-
SHA256
f2efdb91127d45b051573b56d5390401a0067eb015f2db95a65563dea235555e
-
SHA512
56622c990c77363bf709cba7684dd484fe96b24aa2f8f68828b494d556bb73d800955fc080a9d6e24d5f4c7f3c39a11d49d2870e1f0869a6912ef36fa67df0b0
-
SSDEEP
24576:NzPMEK/3JXKFN53ZVwK3FOn+rPcgVATn9LH4GkYsBHwEo:BPfWQjfY+bcgVmJQYsBHwR
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1