General
-
Target
3047a47ecd3436128b20f16c29d63550_JaffaCakes118
-
Size
649KB
-
Sample
241010-rhwlxszbjf
-
MD5
3047a47ecd3436128b20f16c29d63550
-
SHA1
a3b51245612735a44dc4b5ccb81829d05c9daf4f
-
SHA256
b684e8c6223d2ece39800ed26431e8bfc0b8198c515327de3270200a60aec07d
-
SHA512
e8c51d052454d42e339531fafdf39366b850125a4710c234ea820ed891bd1b24700929706258e3fc966b5de781fc8b2e07a2f8655565469518d67cc39c34534f
-
SSDEEP
12288:sO29h7ukziWy9EUKFTZdXTZdHXTZdXTZkCG644FFxHPvtS8ULd+mQb+mQwWhhhhx:sO29ESiWy9EFFTZdXTZdHXTZdXTZkL6U
Static task
static1
Behavioral task
behavioral1
Sample
3047a47ecd3436128b20f16c29d63550_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3047a47ecd3436128b20f16c29d63550_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
v2.0
HacKed
62.227.124.106:5552
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
3047a47ecd3436128b20f16c29d63550_JaffaCakes118
-
Size
649KB
-
MD5
3047a47ecd3436128b20f16c29d63550
-
SHA1
a3b51245612735a44dc4b5ccb81829d05c9daf4f
-
SHA256
b684e8c6223d2ece39800ed26431e8bfc0b8198c515327de3270200a60aec07d
-
SHA512
e8c51d052454d42e339531fafdf39366b850125a4710c234ea820ed891bd1b24700929706258e3fc966b5de781fc8b2e07a2f8655565469518d67cc39c34534f
-
SSDEEP
12288:sO29h7ukziWy9EUKFTZdXTZdHXTZdXTZkCG644FFxHPvtS8ULd+mQb+mQwWhhhhx:sO29ESiWy9EFFTZdXTZdHXTZdXTZkL6U
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1