General
-
Target
863d99f742f8d643ed331365ae39dd8e_JaffaCakes118
-
Size
31KB
-
Sample
240531-hjrjxsbb95
-
MD5
863d99f742f8d643ed331365ae39dd8e
-
SHA1
485903e35a73d6fa7b7bb4b7fdcf03831f4493f2
-
SHA256
1042569cf8c6c21808032769a56ccb596f9d7226e5dbbf689b3dc5f91013087e
-
SHA512
1583397cbba9609864a8107f7ee8a7c82d46d63b1e7fcef137855f32c619008f8e84047311d57abab4f03f284ca5405a838ccf97fa9837b5fd69015a92b64718
-
SSDEEP
768:7xijNXuTthUzxf6rdwA3th9virQmIDUu0tirnj:AN+KKPsQVkKj
Behavioral task
behavioral1
Sample
863d99f742f8d643ed331365ae39dd8e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
863d99f742f8d643ed331365ae39dd8e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
kyky
109.202.54.48:6522
99e954fa342acd7726c6a160817080c2
-
reg_key
99e954fa342acd7726c6a160817080c2
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
863d99f742f8d643ed331365ae39dd8e_JaffaCakes118
-
Size
31KB
-
Score
10/10
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)