General
-
Target
0d8554175edcb72dfe46a7cca2697ed7_JaffaCakes118
-
Size
112KB
-
Sample
240625-lahr7sthml
-
MD5
0d8554175edcb72dfe46a7cca2697ed7
-
SHA1
22da1d54eb857b9e4b7a2f7757fbe122e7a6b3f0
-
SHA256
e9bf3d6164774120b86df1d120ce2fe6fcf48e1121ebe794ebfc0553feb3185c
-
SHA512
b436c24a94a44096152cc45d8c1149748ca38523fcb9d7d0ddb99ed18c0a937ed1474ad0c634d654e62827cf11418d12108bc9680f2c44381538d68f64724ab8
-
SSDEEP
3072:JvUhOJKgugxTdllPCWb6SuL5Hg8Jti8vWqitwL8:JvUhOJKgFTdUHn
Static task
static1
Behavioral task
behavioral1
Sample
0d8554175edcb72dfe46a7cca2697ed7_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0d8554175edcb72dfe46a7cca2697ed7_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
svchost.exe
mytong1.ze.am:5552
c1848c8da1204ace364b2b3206b9c068
-
reg_key
c1848c8da1204ace364b2b3206b9c068
-
splitter
|'|'|
Targets
-
-
Target
0d8554175edcb72dfe46a7cca2697ed7_JaffaCakes118
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1