General
Target: 80496ed45fd4d93eb47080a991bd5f7b_JaffaCakes118
Size: 23KB
Sample: 240529-llff8aac7v
MD5: 80496ed45fd4d93eb47080a991bd5f7b
SHA1: aa599254505a2815f01bd1ef934798507d0360d6
SHA256: 01b836a07d7ca886f4124815d2e26a7c6e4b710e2e2297a43d30a61521b36cea
SHA512: 77ee2a39a2c0b6d46e0a2ac43319d45383ac2494a83a226f434425118bb76d6c3331606f5183ec6144d180914800131368f5b26783e3dbeaf3fa66ec2bf1427b
SSDEEP: 384:m9LGxbWRa4Loa1MplQSmucW+EQ6Sg8KtTfyrqmRvR6JZlbw8hqIusZzZlrGz:3xbZailz7YRpcnusrG
Behavioral task: behavioral1
Sample: 80496ed45fd4d93eb47080a991bd5f7b_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 80496ed45fd4d93eb47080a991bd5f7b_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
الــــقـــــوات المــــــــــصـــــريـــــة
ronymahmoudn.ddns.net:6666
dcb969badc3b461494cd40fa378bcfe5
reg_key: dcb969badc3b461494cd40fa378bcfe5
splitter: |'|'|
Targets
Target: 80496ed45fd4d93eb47080a991bd5f7b_JaffaCakes118
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)