General
-
Target
f7e89637c4f0d4599d950155cf79e698_JaffaCakes118
-
Size
25KB
-
Sample
240418-nq1ztsbf83
-
MD5
f7e89637c4f0d4599d950155cf79e698
-
SHA1
99ff6ce943e33ff71b0904618417c5b8cc8f1a79
-
SHA256
51c374e8ab338e73b24de0a03c7d22d4920a91df47c1a996e8de8448d944e5ad
-
SHA512
64a5bd3a0e8f12cf2cf32378cafb4d86105eb315c7f554fed46ae2e2291d3b41a7c7b68dd8f550bd532362213450fe1f4e5f490e0bb909bf540704ead3cdb4ca
-
SSDEEP
384:sv3ZIqv0yzShgOQJb/P+IyZcyZu6Z6bvDgj4yrhVcp0F9h2HbmdPvo8I6CQLFrW0:svpqCShMtdyZD07DQYpwgwvj1CpGN
Static task
static1
Behavioral task
behavioral1
Sample
f7e89637c4f0d4599d950155cf79e698_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f7e89637c4f0d4599d950155cf79e698_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
127.0.0.1:5552
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
f7e89637c4f0d4599d950155cf79e698_JaffaCakes118
-
Size
25KB
-
MD5
f7e89637c4f0d4599d950155cf79e698
-
SHA1
99ff6ce943e33ff71b0904618417c5b8cc8f1a79
-
SHA256
51c374e8ab338e73b24de0a03c7d22d4920a91df47c1a996e8de8448d944e5ad
-
SHA512
64a5bd3a0e8f12cf2cf32378cafb4d86105eb315c7f554fed46ae2e2291d3b41a7c7b68dd8f550bd532362213450fe1f4e5f490e0bb909bf540704ead3cdb4ca
-
SSDEEP
384:sv3ZIqv0yzShgOQJb/P+IyZcyZu6Z6bvDgj4yrhVcp0F9h2HbmdPvo8I6CQLFrW0:svpqCShMtdyZD07DQYpwgwvj1CpGN
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-