General

Target: 4a656e64683cd0504d1a877af1b6920c_JaffaCakes118
Size: 324KB
Sample: 240516-lc7jcadh31
MD5: 4a656e64683cd0504d1a877af1b6920c
SHA1: dd6be219ff7911d77b999764cb720501367f46f8
SHA256: a2e0dbf8088acc60a555f90a7547bff543e8f88e76945841d2f3e44c495c2c7e
SHA512: 7243cf65ffb88e971f873d2be12d58cdce0534964d19ba80fd8a127fa47c4962a6da5be79538ae21a6b124581b55d9a15a60252c499951d219fdc65a01d8ef98
SSDEEP: 6144:LPdh3AM4t6oIIf3obSx4ak/lWLAQ3nFZc0Xm2icHOgga:h5BWwIPOSxPk/0cQ3nFZfXm2io

Static task: static1
Behavioral task: behavioral1
Sample: 4a656e64683cd0504d1a877af1b6920c_JaffaCakes118.exe
Resource: win7-20240508-en

Malware Config

Extracted
Family: njrat
Version: 0.7.3
Botnet: Lime
C2: ploxtermaster.duckdns.org:6699
Client.exe
reg_key: Client.exe
splitter: luffy
Targets

Target: 4a656e64683cd0504d1a877af1b6920c_JaffaCakes118
Signatures
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext