General
-
Target
0428ff225e18a0e79774b8f1b0c30b80_JaffaCakes118
-
Size
270KB
-
Sample
240428-csbbeaeb47
-
MD5
0428ff225e18a0e79774b8f1b0c30b80
-
SHA1
806413191e59a704f26287aa5b0136d64dd2f30b
-
SHA256
54f0b6b1c309caccd02bab4a0013277e9f1ffde051fd2e45a59d784d1f425563
-
SHA512
66e69515691834cb8e143e65addfbd5e1368a173da697614adb8c4b15f046aadabb15e93c0809708a0a82f7f59781ca74169756cd7012199e5c753ef502b2b86
-
SSDEEP
3072:WxNvADAOY5ZMb7kj92vW1gowzSRtqBP0u+BqNfzUubhpgeUATDPYiPzXGw2:WvveAb7MUgW1aBPUBqzb0ATDPbPD2
Static task
static1
Behavioral task
behavioral1
Sample
0428ff225e18a0e79774b8f1b0c30b80_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
njrat
0.7d
FLYLYLYL
cihan05.duckdns.org:1954
079c805e27db52da73000f101b1bee84
-
reg_key
079c805e27db52da73000f101b1bee84
-
splitter
|'|'|
Targets
Target
0428ff225e18a0e79774b8f1b0c30b80_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-