General
Target: 6dc9f85dc63d88d82305ee118a6dc35b_JaffaCakes118
Size: 252KB
Sample: 240524-jlqwvaac47
MD5: 6dc9f85dc63d88d82305ee118a6dc35b
SHA1: 0ad2a307a342ddf2f5f24f6ef80bffcc51bf912f
SHA256: 4a6fd719619ff72fa045f8fe1c386407d5819d321819119ffb5908bc40626865
SHA512: a051cbbf93e2854d4b4249c013606f6ac20a4d50cbdf597786e006d739cf78454eb0f0ca0bc4a3a8e102143cb9cfcd09b0d3aa184c6874a554fba8bba912d64c
SSDEEP: 6144:bnx1pFOA758zGjdZAxlhGLnv4LNStRpRzAtpJkWl:DOA18zGuGDARSzAXl
Static task: static1
Behavioral task behavioral1: Sample 6dc9f85dc63d88d82305ee118a6dc35b_JaffaCakes118.exe, Resource win7-20240221-en
Behavioral task behavioral2: Sample 6dc9f85dc63d88d82305ee118a6dc35b_JaffaCakes118.exe, Resource win10v2004-20240508-en
Behavioral task behavioral3: Sample ..exe, Resource win7-20240508-en
Behavioral task behavioral4: Sample ..exe, Resource win10v2004-20240426-en
Behavioral task behavioral5: Sample fb.exe, Resource win7-20240221-en
Behavioral task behavioral6: Sample fb.exe, Resource win10v2004-20240508-en
Malware Config
Extracted family: njrat
Version: 0.6.4
Botnet: HacKed
C2: snopi.ddns.net:9100
Mutex: 5bfa04bf4e1b1b13538ee68039ccfeba
reg_key: 5bfa04bf4e1b1b13538ee68039ccfeba
splitter: |'|'|
Targets

Target: 6dc9f85dc63d88d82305ee118a6dc35b_JaffaCakes118
Size: 252KB
MD5: 6dc9f85dc63d88d82305ee118a6dc35b
SHA1: 0ad2a307a342ddf2f5f24f6ef80bffcc51bf912f
SHA256: 4a6fd719619ff72fa045f8fe1c386407d5819d321819119ffb5908bc40626865
SHA512: a051cbbf93e2854d4b4249c013606f6ac20a4d50cbdf597786e006d739cf78454eb0f0ca0bc4a3a8e102143cb9cfcd09b0d3aa184c6874a554fba8bba912d64c
SSDEEP: 6144:bnx1pFOA758zGjdZAxlhGLnv4LNStRpRzAtpJkWl:DOA18zGuGDARSzAXl
Score: 10/10
- Modifies Windows Firewall
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: ..exe
Size: 97KB
MD5: 6b2f9bd816a587fc95b180165fc2de52
SHA1: 883d0273809933c3f1c8c3028a3292a6b6b685a3
SHA256: 3e724526d13e04bd577505dca03ce99a84ec6b51997b08bcb91b998ef724f5ec
SHA512: 1b588c9ab8251c0f7389944cc9ba79c2ff17c37c1824743e06f0634c1a159835b3744b1a6e8718e1c2594832a913d657cb7d35b4eb7faed613f5e0fced8d1cea
SSDEEP: 1536:39YrtUwWH5c+gEfNmZbmLMxA6uNua+QO/OTz/3rn47sBtNW98dtaVZaR/J1fHw0U:3OrxI5PmxDuNuNQ+4YY97g
Score: 10/10
- Modifies Windows Firewall
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: fb.exe
Size: 348KB
MD5: e4ef92e29a8783494b782f36b4945197
SHA1: f8cbd43814bee27349e88aec712c15fd5f8827e5
SHA256: 934a506ab96759ed32ba1d0bd73191f0369b90af62ad52a934f577e5d1823161
SHA512: a1c38125b841e23223c7daf4230a6c4cfdec9dfef7d7a986ab6b037ba9de0be3744f6f53d24aa1ae03451ff7848695f33fb5effe8da3d5e455f3e630b54a4187
SSDEEP: 6144:fKqOvPVDIpw5pfYRVjwKQvEAp38cy6HqxqOFh4IDH2u8:SXpfYXjwKQvacyr/DW
Score: 1/10
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)