General
-
Target
440776946da09827ff0ac2f56741c086_JaffaCakes118
-
Size
361KB
-
Sample
240515-b5jb4sbf38
-
MD5
440776946da09827ff0ac2f56741c086
-
SHA1
62cfd5f03712e636fd5883f2b92fb565d2207f33
-
SHA256
cebee7dc0112f960319868d6df1f9db37868e1912def20304af20a21bf409250
-
SHA512
521288f212ffd3a3422ca36c8e6fca3ee94030ea5b369798e3332e4a52c4a3f94cdcd9b70e31a7ae1f85c93527161349827dacb285f11529e799932db4522b1d
-
SSDEEP
6144:k2EKdoUIe33cHZBYuJalMd13x0cH9Bek4PN5mYUpg:HEKGf5UlY3zH9BsmYUi
Static task
static1
Behavioral task
behavioral1
Sample
440776946da09827ff0ac2f56741c086_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
440776946da09827ff0ac2f56741c086_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
NYAN CAT
dongreg202020.kozow.com:8874
df42226e7936412c9a9e4b35efad0718
-
reg_key
df42226e7936412c9a9e4b35efad0718
-
splitter
|'|'|
Targets
-
-
Target
440776946da09827ff0ac2f56741c086_JaffaCakes118
-
Size
361KB
-
MD5
440776946da09827ff0ac2f56741c086
-
SHA1
62cfd5f03712e636fd5883f2b92fb565d2207f33
-
SHA256
cebee7dc0112f960319868d6df1f9db37868e1912def20304af20a21bf409250
-
SHA512
521288f212ffd3a3422ca36c8e6fca3ee94030ea5b369798e3332e4a52c4a3f94cdcd9b70e31a7ae1f85c93527161349827dacb285f11529e799932db4522b1d
-
SSDEEP
6144:k2EKdoUIe33cHZBYuJalMd13x0cH9Bek4PN5mYUpg:HEKGf5UlY3zH9BsmYUi
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-