General
Target: 2ad561e9bb9f780f56d5e7a280574432_JaffaCakes118
Size: 375KB
Sample: 241009-e4akcs1djh
MD5: 2ad561e9bb9f780f56d5e7a280574432
SHA1: e6bc833d62ef0ec1e08674a0a8707e3ce2f09007
SHA256: 54f33fa555874b30e6045c4bfd467779b0683e1bcafb69d0987c59019203c9d3
SHA512: 8b74c1f6df444ce101102e3b036e2f77c9e0b1ebb085db2de8e45905ab10b47c845040548901632c130c4db6b4403a5905d864c461cb9bed6cd5fe49fc0ce064
SSDEEP: 6144:dOm2B8bwepKH3435zfwJyJLcE0NBY5yoFdJraQqZC6P1ylyiec3fE:dOm2BgpKHo3lUyh0azJCZdylZjfE
Static task: static1
Behavioral task: behavioral1
  Sample: 2ad561e9bb9f780f56d5e7a280574432_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2ad561e9bb9f780f56d5e7a280574432_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Campaign ID (botnet name): HacKed
C2: 212.192.241.42:5552
Mutex / victim identifier: 34adf4afddd35097c6bf7951c5baad3a
Attributes
reg_key: 34adf4afddd35097c6bf7951c5baad3a
splitter: |'|'|
Note: the 32-hex identifier is reused by njRAT as the mutex name and as the value name under the Run key, so it is a usable host IOC for this build; the splitter is the field separator used inside C2 messages, and HacKed is the default njRAT campaign ID, so it does not distinguish this operator from others.
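To make use of the extracted configuration on the network side, the following script decodes njRAT-style C2 traffic with the values above. This is an added example, not part of the sandbox report or the sample's own code. It assumes the standard njRAT wire format (each message is its decimal payload length in ASCII, a NUL byte, then the payload; fields are separated by the configured splitter; the first message a bot sends is the "ll" registration whose first field is the victim identifier, campaign ID plus "_" plus a hardware ID). SAMPLE_STREAM is constructed for illustration and is not a capture from this sample.

```python
"""Decode njRAT C2 framing using the extracted splitter and campaign ID.

Added example (not from the sandbox report). Assumes the standard njRAT
wire format: "<decimal length>\\x00<payload>", fields split on the
configured splitter, and an "ll" registration message as the first frame.
SAMPLE_STREAM below is CONSTRUCTED, not a capture from this sample.
"""
from dataclasses import dataclass, field

SPLITTER = b"|'|'|"             # splitter from the extracted config
CAMPAIGN = b"HacKed"            # campaign ID from the extracted config
C2 = ("212.192.241.42", 5552)   # C2 host:port from the extracted config


@dataclass
class Frame:
    command: bytes
    fields: list = field(default_factory=list)


def frame(payload: bytes) -> bytes:
    """Encode one message the way njRAT does: "<len>\\x00<payload>"."""
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(stream: bytes) -> list:
    """Cut a TCP byte stream into njRAT payloads; stops at a truncated frame."""
    frames, pos = [], 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1 or not stream[pos:nul].isdigit():
            break                          # not njRAT framing (or junk)
        length = int(stream[pos:nul])
        body = stream[nul + 1:nul + 1 + length]
        if len(body) < length:
            break                          # partial message: wait for more data
        frames.append(body)
        pos = nul + 1 + length
    return frames


def parse_frame(body: bytes) -> Frame:
    """Split a payload on the configured splitter: command first, then fields."""
    parts = body.split(SPLITTER)
    return Frame(command=parts[0], fields=parts[1:])


def campaign_of(registration: Frame) -> bytes:
    """Victim ID is "<campaign>_<hwid>"; return the campaign part."""
    return registration.fields[0].split(b"_", 1)[0]


def looks_like_njrat(stream: bytes) -> bool:
    """Heuristic: well-framed stream whose first message is an "ll" registration."""
    frames = split_frames(stream)
    if not frames:
        return False
    first = parse_frame(frames[0])
    return first.command == b"ll" and len(first.fields) >= 2


# CONSTRUCTED beacon: a registration followed by a short second message.
SAMPLE_STREAM = b"".join([
    frame(SPLITTER.join([
        b"ll", b"HacKed_34adf4afddd35097c6bf7951c5baad3a", b"DESKTOP-TEST",
        b"user", b"24-10-09", b"", b"Win 7 Ultimate SP1 x86", b"No", b"0.7d",
    ])),
    frame(SPLITTER.join([b"act", b"notepad"])),
])

if __name__ == "__main__":
    for f in (parse_frame(b) for b in split_frames(SAMPLE_STREAM)):
        print(f.command, f.fields)
    print("campaign:", campaign_of(parse_frame(split_frames(SAMPLE_STREAM)[0])))
```

The framing check deliberately stops at a truncated trailing frame instead of raising, so the same function can be fed a reassembled stream incrementally; pair it with a flow filter on the C2 tuple above to confirm the family before alerting on the splitter alone, since the splitter string can appear in unrelated traffic.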
Targets
Target: 2ad561e9bb9f780f56d5e7a280574432_JaffaCakes118
Size: 375KB
MD5: 2ad561e9bb9f780f56d5e7a280574432
SHA1: e6bc833d62ef0ec1e08674a0a8707e3ce2f09007
SHA256: 54f33fa555874b30e6045c4bfd467779b0683e1bcafb69d0987c59019203c9d3
SHA512: 8b74c1f6df444ce101102e3b036e2f77c9e0b1ebb085db2de8e45905ab10b47c845040548901632c130c4db6b4403a5905d864c461cb9bed6cd5fe49fc0ce064
SSDEEP: 6144:dOm2B8bwepKH3435zfwJyJLcE0NBY5yoFdJraQqZC6P1ylyiec3fE:dOm2BgpKHo3lUyh0azJCZdylZjfE
Signatures
- Modifies WinLogon for persistence
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (a call pattern typically seen in process hollowing and other thread-context injection)
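The signatures above are host-side behaviours, so they translate directly into endpoint hunting rules. The script below is an added example, not part of the sandbox report: it runs a few such rules over constructed Sysmon-style events (registry value set, process creation, file creation) and flags the Run key whose value name equals the extracted reg_key, a Winlogon helper change, a netsh firewall exception, and a Startup-folder drop. The registry paths and netsh syntax are standard Windows; the event dictionaries, the dropped-file path and the field names modelled on Sysmon (TargetObject, Details, CommandLine, TargetFilename, Image) are assumptions for illustration, not telemetry from the sandbox run.

```python
"""Hunt for the persistence and firewall behaviours reported for this njRAT sample.

Added example (not from the sandbox report). EVENTS is CONSTRUCTED telemetry
shaped like Sysmon events (IDs 13, 1, 11); field names are assumptions.
"""
import re

REG_KEY = "34adf4afddd35097c6bf7951c5baad3a"   # reg_key from the extracted config

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\(?P<value>[^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell|Notify)", re.I)
NETSH_FW_RE = re.compile(
    r"\bnetsh(\.exe)?\s+(advfirewall\s+firewall\s+add\s+rule|firewall\s+add\s+allowedprogram)\b", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.I)


def classify(ev: dict) -> list:
    """Return the rule names one event trips (empty list for benign events)."""
    hits = []
    eid = ev["EventID"]
    if eid == 13:                                   # registry value set
        m = RUN_KEY_RE.search(ev["TargetObject"])
        if m:
            if m.group("value").lower() == REG_KEY:
                hits.append("run_key_njrat_value_name")      # exact IOC from config
            elif USER_WRITABLE_RE.search(ev.get("Details", "")):
                hits.append("run_key_user_writable_path")    # generic weak signal
        if WINLOGON_RE.search(ev["TargetObject"]):
            hits.append("winlogon_helper_modified")
    elif eid == 1 and NETSH_FW_RE.search(ev.get("CommandLine", "")):
        hits.append("netsh_firewall_exception")     # process creation
    elif eid == 11 and STARTUP_RE.search(ev.get("TargetFilename", "")):
        hits.append("startup_folder_drop")          # file creation
    return hits


def hunt(events) -> list:
    """Evaluate every event; returns (rule, image) pairs in event order."""
    return [(rule, ev["Image"]) for ev in events for rule in classify(ev)]


# CONSTRUCTED sample telemetry; the dropped-file path is an assumption.
DROPPED = r"C:\Users\user\AppData\Roaming\server.exe"
EVENTS = [
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\34adf4afddd35097c6bf7951c5baad3a",
     "Details": f'"{DROPPED}" ..'},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": rf"C:\Windows\system32\userinit.exe,{DROPPED}"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": f'netsh firewall add allowedprogram "{DROPPED}" "server.exe" ENABLE'},
    {"EventID": 11, "Image": DROPPED,
     "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",     # benign-looking control event
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\system32\SecurityHealthSystray.exe"},
]

if __name__ == "__main__":
    for rule, image in hunt(EVENTS):
        print(f"{rule:28s} {image}")
```

The reg_key match is the high-confidence rule because the value name is taken straight from the extracted configuration; the other three rules describe the sandbox's generic behaviours and will also fire on some legitimate installers, so they are better suited to scoring than to standalone alerts.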
MITRE ATT&CK Enterprise v15
(the number after each technique is the count of matched signatures mapped to it)
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Event Triggered Execution (T1546): 1
    Netsh Helper DLL (T1546.007): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Event Triggered Execution (T1546): 1
    Netsh Helper DLL (T1546.007): 1
Defense Evasion
  Impair Defenses (T1562): 1
    Disable or Modify System Firewall (T1562.004): 1
  Modify Registry (T1112): 2