General
-
Target
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118
-
Size
23KB
-
Sample
240528-hjxqyaba33
-
MD5
7c0ef81ef52a99bc26a26aed61c6532d
-
SHA1
f0e189c7e4c75e0f0961e9f5150b1cebc07a440a
-
SHA256
81000dc1966cb3be3850943e75f6c08b97002c6b2aa1f020e4a74a0716b2de15
-
SHA512
cf5f9909f19e20fca38e67e0d7f20071de63ba31bd6132901f18254678f572fca172b22a01b5b6f517a6af7f30a0b786ddf5a04128e5cb9b6eabf179566dc0a6
-
SSDEEP
384:LY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZEP:0L2s+tRyRpcnul
Behavioral task
behavioral1
Sample
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7d
Ratted
10.0.0.46:5552
e8c2fab912734648f8bb500fffb8db77
-
reg_key
e8c2fab912734648f8bb500fffb8db77
-
splitter
|'|'|
Targets
Target
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)