General
-
Target
f91897d648d7d27ff036f2e9ec906eee_JaffaCakes118
-
Size
459KB
-
Sample
240419-art11sbb78
-
MD5
f91897d648d7d27ff036f2e9ec906eee
-
SHA1
fec52c77723162f9f2fda5942c4fd53400722af9
-
SHA256
b67e79fb5d9a3201a803470889916325c265f4994eda26ddfde9ec9febdad233
-
SHA512
c9d1d1c5879c0d3f8dc5cc353e1776080a6afe651a37def90c17e22a7caf123e486d001e4cb0c0a87b8ba0fc5a3194aa3cbc04d76384deeb67fb048131bd2c33
-
SSDEEP
6144:ec0h522p3l04ZMSmIp3Uy28uhyFM0s8QWPhOQ2sF3NB1O2FgeizSGnX3UjZFcrLu:4hxp3lZnT9bDxF3P4DfSRdI0N
Static task
static1
Behavioral task
behavioral1
Sample
f91897d648d7d27ff036f2e9ec906eee_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f91897d648d7d27ff036f2e9ec906eee_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
185.82.217.154:5703
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
f91897d648d7d27ff036f2e9ec906eee_JaffaCakes118
-
Size
459KB
-
MD5
f91897d648d7d27ff036f2e9ec906eee
-
SHA1
fec52c77723162f9f2fda5942c4fd53400722af9
-
SHA256
b67e79fb5d9a3201a803470889916325c265f4994eda26ddfde9ec9febdad233
-
SHA512
c9d1d1c5879c0d3f8dc5cc353e1776080a6afe651a37def90c17e22a7caf123e486d001e4cb0c0a87b8ba0fc5a3194aa3cbc04d76384deeb67fb048131bd2c33
-
SSDEEP
6144:ec0h522p3l04ZMSmIp3Uy28uhyFM0s8QWPhOQ2sF3NB1O2FgeizSGnX3UjZFcrLu:4hxp3lZnT9bDxF3P4DfSRdI0N
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-