General
Target: 0c76e3365993d5c24e7d210a5f53b64e_JaffaCakes118
Size: 100KB
Sample: 240625-errm4szcqh
MD5: 0c76e3365993d5c24e7d210a5f53b64e
SHA1: d0edec4bb157fa27764578dd8f46e546935ac4f8
SHA256: 047d8eb18f79ce3958d974af6bdb89da38abff243bae5af1eb8137d39e893aa7
SHA512: c5b7770fa8698d164e7c214f98fac914da72744ebe04533750756f3ddb9b32f7e7f0e6f35d5957af2ffca07480f31d4bf43dbf94cf8a0abb2d846172dc5d232f
SSDEEP: 3072:9Lc7HWxTdllPCWb6SuL5Hg8Jti8vWqitwLm:9ciTdUHn
Static task: static1
Behavioral task: behavioral1
Sample: 0c76e3365993d5c24e7d210a5f53b64e_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 0c76e3365993d5c24e7d210a5f53b64e_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
njrat
im523
w4170
127.0.0.1:2553
49aa5a94bca34c496c2f9d9944058dec
reg_key: 49aa5a94bca34c496c2f9d9944058dec
splitter: |'|'|
Targets
Target: 0c76e3365993d5c24e7d210a5f53b64e_JaffaCakes118
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)