General
Target: 7b777263642cd694415accdb45b19de6_JaffaCakes118
Size: 223KB
Sample: 240528-dkgc5ade66
MD5: 7b777263642cd694415accdb45b19de6
SHA1: 157c6b950a34e59a575c943955d4a6347f484b2b
SHA256: 23ce7d714e8ccd6fe40a1b10803b587e2cf4dbb61e8ee4624654d7fd2c38bdf7
SHA512: 525a71dd76441cb2f25706594217ddff2300fb1c177f821334993c46e041a8ac3416031183f013083397ec270a15e0b98cb28579ed891a003a58321c52e55e6a
SSDEEP: 1536:SoqdjhPaj/r8YOQLFCdZt5W8SOMIOGZ+qqeydYNAX5Jo/FRKP6ecRiTn:Od0jjNfgZt5Wpkee/C
Static task: static1
Behavioral task: behavioral1
Sample: 7b777263642cd694415accdb45b19de6_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 7b777263642cd694415accdb45b19de6_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
cb4cb4
cb4cb4.ddns.net:1604
2b4311709f49c1773d2dd641126cf3dd
reg_key: 2b4311709f49c1773d2dd641126cf3dd
splitter: |'|'|
Targets
Target: 7b777263642cd694415accdb45b19de6_JaffaCakes118
Score: 10/10
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
  Windows Service (1)