General
-
Target
4ba5fed877aaf558a5235989262bf1ee_JaffaCakes118
-
Size
450KB
-
Sample
240331-dq2k9acg5v
-
MD5
4ba5fed877aaf558a5235989262bf1ee
-
SHA1
bb0c3c3338866caa38ea12f41c16c3f5f162a2d4
-
SHA256
5d1268768233cb4861b2a7bdaba1f3f646b6e18efadcb84f25c160ff79860972
-
SHA512
a93c7213eee99ed494e6c51959b299f7caac18878eec9d7ac34921a15254e9bfd8a497df37fc5475d07d875d465d82da02fe1b58ae6246fa63e24acc4afa84b8
-
SSDEEP
12288:PEYG7ywzVxKHZFRupFRulhx+vhx+Shx+whx+G:TuduwmBDG
Static task
static1
Behavioral task
behavioral1
Sample
4ba5fed877aaf558a5235989262bf1ee_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4ba5fed877aaf558a5235989262bf1ee_JaffaCakes118.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
njrat
v4.0
Quran
165.227.31.192:22867
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
4ba5fed877aaf558a5235989262bf1ee_JaffaCakes118
-
Size
450KB
-
MD5
4ba5fed877aaf558a5235989262bf1ee
-
SHA1
bb0c3c3338866caa38ea12f41c16c3f5f162a2d4
-
SHA256
5d1268768233cb4861b2a7bdaba1f3f646b6e18efadcb84f25c160ff79860972
-
SHA512
a93c7213eee99ed494e6c51959b299f7caac18878eec9d7ac34921a15254e9bfd8a497df37fc5475d07d875d465d82da02fe1b58ae6246fa63e24acc4afa84b8
-
SSDEEP
12288:PEYG7ywzVxKHZFRupFRulhx+vhx+Shx+whx+G:TuduwmBDG
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-