General
-
Target
17af710193e1570d2a161243a7f09ad3_JaffaCakes118
-
Size
386KB
-
Sample
240505-prd25aaa91
-
MD5
17af710193e1570d2a161243a7f09ad3
-
SHA1
bbe48f327480d04cfb1851f8dd66517774d86ac6
-
SHA256
409726bc69395c3cf5381e9fcde1a4159eb6674da32efac8ad87120e17e8c2f7
-
SHA512
b5526dbe2ba29a39d73ead166b8f1c418e2d6cee447c087da3c0a9a01a9be758c13a67bebb86f0fab9978e8fdf8ef5bf39c43963b698f195fe875f2829bcb83f
-
SSDEEP
3072:N17/yrBe0HCa5iwY6k3+OAAKhH8x146Vzm2TceHvBdqdfqcmPnlGZGepv8C:77/yOjutH8xe6NmZOC9a
Static task
static1
Behavioral task
behavioral1
Sample
17af710193e1570d2a161243a7f09ad3_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
17af710193e1570d2a161243a7f09ad3_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
asd2xxx.duckdns.org:1445
62165dfdef6b4200ad
-
reg_key
62165dfdef6b4200ad
-
splitter
@!#&^%$
Targets
-
-
Target
17af710193e1570d2a161243a7f09ad3_JaffaCakes118
-
Size
386KB
-
MD5
17af710193e1570d2a161243a7f09ad3
-
SHA1
bbe48f327480d04cfb1851f8dd66517774d86ac6
-
SHA256
409726bc69395c3cf5381e9fcde1a4159eb6674da32efac8ad87120e17e8c2f7
-
SHA512
b5526dbe2ba29a39d73ead166b8f1c418e2d6cee447c087da3c0a9a01a9be758c13a67bebb86f0fab9978e8fdf8ef5bf39c43963b698f195fe875f2829bcb83f
-
SSDEEP
3072:N17/yrBe0HCa5iwY6k3+OAAKhH8x146Vzm2TceHvBdqdfqcmPnlGZGepv8C:77/yOjutH8xe6NmZOC9a
Score10/10-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-