General
Target
aa7ecd1b7b97f64c5a426ba411f3eddf_JaffaCakes118
Size
85KB
Sample
240404-agyapahd46
MD5
aa7ecd1b7b97f64c5a426ba411f3eddf
SHA1
6615c51b10315d7e457d7149195dbbdc60615bdd
SHA256
1dc1a41ffe0e5478df5e628ff818e5abb06fba2b879549ccdb7f810e84d65f18
SHA512
4aaa6957b3db2b728b7dd7e066db25098a56b8c672b07e23d5215259e8399e69db1093b305c7171268bd6d32211b5971b9c3fd8a36a67b8a527cd3df7a5206ec
SSDEEP
1536:h5KNBcTWo4fH7itHRQqk/PmYFqQ5TD5EnqBrR0WTag6l3FsUgdR:h0NB597ihCqk/P3EQ5TDcqBV0WTx6l30
Static task
static1
Behavioral task
behavioral1
Sample
aa7ecd1b7b97f64c5a426ba411f3eddf_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
aa7ecd1b7b97f64c5a426ba411f3eddf_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7.3
Lime
127.0.0.1:1528
Client.exe
reg_key
Client.exe
splitter
AZERTY
Targets
Target
aa7ecd1b7b97f64c5a426ba411f3eddf_JaffaCakes118
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application