General
-
Target
ea473bd1e6f91a020a89b25695d8ba35_JaffaCakes118
-
Size
55KB
-
Sample
240919-a326rssakh
-
MD5
ea473bd1e6f91a020a89b25695d8ba35
-
SHA1
92a56a271532038532d7091830e3f9f7a8a871be
-
SHA256
d264f3aa382f23e1b0bf3176f54a8f1b977b7daf482af3f8d384dc7d1b8db27e
-
SHA512
96f2cc0a73bd041d0f6a5f48d6e88407e7c8832835bb437378031d701672d4a0edce41f648b1aa4ed34f67190a66aaf3f53e5552de853b83d65e4d38028ff541
-
SSDEEP
1536:RKgzkS8p1G/NsOCMuvrEFWyC4hGW53K1G/NsOCMuvrEFWyC4hGW:RKgzkS8qC7yxwW53vC7yxwW
Static task
static1
Behavioral task
behavioral1
Sample
ea473bd1e6f91a020a89b25695d8ba35_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ea473bd1e6f91a020a89b25695d8ba35_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
23f0e3bce589df29a3e6f3e8879b41c1
-
reg_key
23f0e3bce589df29a3e6f3e8879b41c1
-
splitter
|'|'|
Targets
-
-
Target
ea473bd1e6f91a020a89b25695d8ba35_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)