General
-
Target
372af030e33e6326192782579c0160dc_JaffaCakes118
-
Size
69KB
-
Sample
241011-2lx92axhkb
-
MD5
372af030e33e6326192782579c0160dc
-
SHA1
44059731a3fa1e990698fa09935cfa7ab79dca49
-
SHA256
9dcf50d314d9541efbfd3b519fe5bc619478d8fcd116ab21ada07c4da2786088
-
SHA512
cd0aa59c889e9a8933ffda4a33bdf175c318a0c1c3258c88d83a77e2356c06cb5cc7dac7bce03459376a213620caee587061a38e406efe57d520c503ee2d6b8f
-
SSDEEP
1536:cWD1ciNrSVTR1cQHUeq/6YThUoUyPspdA4GSuw1+:vD+JR1cQ0eqCYThU5yPedv+
Static task
static1
Behavioral task
behavioral1
Sample
372af030e33e6326192782579c0160dc_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
372af030e33e6326192782579c0160dc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
@ HaCkInG By Dr WeSt @
w187.ddns.net:2020
4ef9538b5a577a1bd3c1a578ea50c133
-
reg_key
4ef9538b5a577a1bd3c1a578ea50c133
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1