General
-
Target
cae8923155d45220def3abe2be6695af_JaffaCakes118
-
Size
70KB
-
Sample
240830-qfx7aswakc
-
MD5
cae8923155d45220def3abe2be6695af
-
SHA1
8636009dbc5b870f328158c32f9a702badf23388
-
SHA256
23f3dc4ec909db89c98d7501967baaa8e967031c0586a7784c82b405743cb7e0
-
SHA512
02206d43ddc0dbf7cf1ca4a80dfc75366568166816fd4ecf00957712864ddf0d6d08f953e8679733614e9d6edbfb76ffd0ee0b7871c47ec73da7bc41c03e24bd
-
SSDEEP
1536:wGMeQS6X6J9BA7rOCoo0OKLBB39jSUYuC0Q+:3DQfX6JY7RFKFR9jNZa+
Static task
static1
Behavioral task
behavioral1
Sample
cae8923155d45220def3abe2be6695af_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
njrat
0.7d
HacKed
78.205.17.20:6699
714bb89cc78e0b9f01ac161b3ff8b767
-
reg_key
714bb89cc78e0b9f01ac161b3ff8b767
-
splitter
|'|'|
Targets
-
-
Target
cae8923155d45220def3abe2be6695af_JaffaCakes118
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)