General
-
Target
d9099f83917e6efe7280a1863699ca47_JaffaCakes118
-
Size
125KB
-
Sample
241209-lv9resymbl
-
MD5
d9099f83917e6efe7280a1863699ca47
-
SHA1
752f9f428ae1a7e1d79690ffcd7441f43ca7c0b9
-
SHA256
beaa6a37227f0830fb24eb0114eb01cc119224b90307d921491df0154bca1b0a
-
SHA512
3a9b3a7f746d7defb9aa82e14100139b5495f31b6ce603bdf282aeaa8064a09d134c74089cda6e44efc32b0c0e37fd7ec6932b1b87f015b62cb80a544e51d36a
-
SSDEEP
3072:28mGSm+6N6CmgIRe6HpWnqEm/OUvnRPFULnrqA61tZ4g:omT36Hp4mbKnrH6fZ4
Static task
static1
Behavioral task
behavioral1
Sample
d9099f83917e6efe7280a1863699ca47_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d9099f83917e6efe7280a1863699ca47_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d9099f83917e6efe7280a1863699ca47_JaffaCakes118
-
Size
125KB
-
MD5
d9099f83917e6efe7280a1863699ca47
-
SHA1
752f9f428ae1a7e1d79690ffcd7441f43ca7c0b9
-
SHA256
beaa6a37227f0830fb24eb0114eb01cc119224b90307d921491df0154bca1b0a
-
SHA512
3a9b3a7f746d7defb9aa82e14100139b5495f31b6ce603bdf282aeaa8064a09d134c74089cda6e44efc32b0c0e37fd7ec6932b1b87f015b62cb80a544e51d36a
-
SSDEEP
3072:28mGSm+6N6CmgIRe6HpWnqEm/OUvnRPFULnrqA61tZ4g:omT36Hp4mbKnrH6fZ4
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1