General
-
Target
d7a7506dc6883535744b94df18ddce8c_JaffaCakes118
-
Size
23KB
-
Sample
240910-gaeckazgkf
-
MD5
d7a7506dc6883535744b94df18ddce8c
-
SHA1
dcb83468bdfc65ef0a275a20129652f8ff537112
-
SHA256
bdaff6126c2588acd0f6bc92a3bf1c902596a280271340e2dfdd4f6a5539c4d7
-
SHA512
fcdf877a4ea1175facaa2509384d441a96e6cc26950a7e23a1c447855104ea39e80d71d3940162f30a01f813f73fde0e4269c4ae37c2c1d3aed3ca7e0ec99eb7
-
SSDEEP
384:IMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZimQ:rb9glF51LRpcnuB
Behavioral task
behavioral1
Sample
d7a7506dc6883535744b94df18ddce8c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d7a7506dc6883535744b94df18ddce8c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.7d
HacKed
thetiger.linkpc.net:5552
cb733ea86cd5129e693ea7211502e58b
-
reg_key
cb733ea86cd5129e693ea7211502e58b
-
splitter
|'|'|
Targets
-
-
Target
d7a7506dc6883535744b94df18ddce8c_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)