General
-
Target
248142aea460cc39937a45ddd2873c3a_JaffaCakes118
-
Size
36KB
-
Sample
241008-yjfenazbpk
-
MD5
248142aea460cc39937a45ddd2873c3a
-
SHA1
00d92a85c938e3449b7c8463c9b8465a0124498b
-
SHA256
3917248c65c30739e04d5a6141bdd0140b30852a2680698e083be03904c0341a
-
SHA512
c8ca79d6958fa694fb4c460b690a39e47ce9cce879502922d5bb825fcd7d47558b5d1ca6535c42ea81a8ed3e03b04a271594b5f2cade302c09ff3b67d86ea553
-
SSDEEP
384:H+qIiuVjtD+P3V+y0bf2TKtvN4suKfdrAF+rMRTyN/0L+EcoinblneHQM3epzXwq:eNmV10bf2TKtClK1rM+rMRa8NuNaWt
Behavioral task
behavioral1
Sample
248142aea460cc39937a45ddd2873c3a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
248142aea460cc39937a45ddd2873c3a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
im523
HacKed
192.168.0.104:25565
986c64151b7027cb49fc754500077dc6
-
reg_key
986c64151b7027cb49fc754500077dc6
-
splitter
|'|'|
Targets
-
-
Target
248142aea460cc39937a45ddd2873c3a_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)