General
-
Target
4b5522eebcad10beac06216513281c63_JaffaCakes118
-
Size
3.3MB
-
Sample
240516-qv3ekafb8x
-
MD5
4b5522eebcad10beac06216513281c63
-
SHA1
ec0fa68acfb0461a283df076b239191a69fed59a
-
SHA256
b251f070fcb0f3860976575737f90608919b194d7063a85981eee96cc85d7e7c
-
SHA512
9f233a6dc82c59f8bb0e97a92325de7f3abc11bc4999db8a365b8fab86dc07e69fa67f1ab59fccda13c4b40786e3265e0d41da8b967f4f392a602dc6198fc51a
-
SSDEEP
98304:jyw275vzy5BZJ+XwkPnxNoN9AY7/deXoUxXMKUR:jO70BTVkPnDoD1B8JMKUR
Static task
static1
Behavioral task
behavioral1
Sample
4b5522eebcad10beac06216513281c63_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
njrat
0.7.3
Lime
0.tcp.ngrok.io:17495
Client.exe
-
reg_key
Client.exe
-
splitter
123456
Targets
-
-
Target
4b5522eebcad10beac06216513281c63_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-