General
-
Target
7d1e1abb5a01c42324eebd6087cb8393_JaffaCakes118
-
Size
554KB
-
Sample
240731-tw78zsxeka
-
MD5
7d1e1abb5a01c42324eebd6087cb8393
-
SHA1
8a031657708f2a085de0153eb8d2c4a61288bf9b
-
SHA256
626dc4e54d8e594a2d6a809117601e7f6614a7484f5dc229da7da9bd39a62a0c
-
SHA512
18e93b949be16de67205e0cc56ffe38b37ffcf4ff8570a5b9654488492919f8edb207e9501b97cf9798385343f5e565536691fc856767c08af321157b563fbcb
-
SSDEEP
12288:1awl6z3KWA/c6O+9FNQDlCnpDo8RkTn1ooQEbBYeCnOKXZA918MwtOHAqaN:P43ocd+9FNGsN90nWEN
Static task
static1
Behavioral task
behavioral1
Sample
7d1e1abb5a01c42324eebd6087cb8393_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7d1e1abb5a01c42324eebd6087cb8393_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Extracted
njrat
0.7.3
SUECIA
suecia12.duckdns.org:1990
Client.exe
-
reg_key
Client.exe
-
splitter
1990
Targets
Target
7d1e1abb5a01c42324eebd6087cb8393_JaffaCakes118
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)