General
-
Target
81edcd946e3156ee49f7c24b7100b110_JaffaCakes118
-
Size
3.7MB
-
Sample
240529-zy23msaf67
-
MD5
81edcd946e3156ee49f7c24b7100b110
-
SHA1
438562088c52dcf14ccb9a81fb76e5b42b9f87f0
-
SHA256
53e6818c438ceb53a4213a0cd961359043fff77bc2bb0674992e54c83705c852
-
SHA512
8d8959a98fd40c58677edcebcf42ad3fb9ab36411e84526e34a30d90ddab938e7d2d22aa5295c86bf794798c1892bac6d1e6b442126fa7eca1cdd899b5a9ca83
-
SSDEEP
98304:abXsyiWeIqEsMISXg0V8Mw118EdMUDAM:abXfLQtL3LL
Static task
static1
Behavioral task
behavioral1
Sample
81edcd946e3156ee49f7c24b7100b110_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
81edcd946e3156ee49f7c24b7100b110_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
GENRAM MOTO
milla.publicvm.com:1177
c1e444094e4e1836ba8400b3d476c9ef
-
reg_key
c1e444094e4e1836ba8400b3d476c9ef
-
splitter
|'|'|
Targets
-
-
Target
81edcd946e3156ee49f7c24b7100b110_JaffaCakes118
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1