General
-
Target
JaffaCakes118_afa601763f2a7766d2162134d441dda5335cf15c7b0ee75ba8d9759247ca48bc
-
Size
93KB
-
Sample
241226-zs6hwazndm
-
MD5
e3246829669fd405f86615b41273ca8e
-
SHA1
a938850b46ce8c7cef39740a5e60688fe0130334
-
SHA256
afa601763f2a7766d2162134d441dda5335cf15c7b0ee75ba8d9759247ca48bc
-
SHA512
498b1c351e87d01a4b7bc016e47d3eddee9d891cf33c32b41dfcc8ed9c88d60050292dfd2b4e0781450c013037f425b63062bfb81a845082344676ef26acb9ca
-
SSDEEP
1536:GORnEoSnsqS5ut9YMR8SjEwzGi1dD+DOgS:GOtSnsqS5uTYM+7i1dQz
Behavioral task
behavioral1
Sample
JaffaCakes118_afa601763f2a7766d2162134d441dda5335cf15c7b0ee75ba8d9759247ca48bc.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
JaffaCakes118_afa601763f2a7766d2162134d441dda5335cf15c7b0ee75ba8d9759247ca48bc.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
message-epic.at.ply.gg:53723
e2e3426a158fbbe324e78b544ba71838
-
reg_key
e2e3426a158fbbe324e78b544ba71838
-
splitter
|'|'|
Targets
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)