General
-
Target
5bf507937115c6074074caf023da2c3d_JaffaCakes118
-
Size
400KB
-
Sample
240519-243mgaga82
-
MD5
5bf507937115c6074074caf023da2c3d
-
SHA1
5bebf55cc34dca6c90e3ff9782bd004a4e50e8ff
-
SHA256
0192991a0743901f0c69824069ead6095732592bd12534a879f007b5132e1dd9
-
SHA512
6aef54c4e9f6d72b7c924d38e4bd08b9641fb53028abeba451805c9134fb56f8a9ade86034abed5afd8aa624de3a56c6e45049c4e61ef4e4fbddffd41bd463bb
-
SSDEEP
6144:9YZcO/kEfaRbLnn38V17Y0fpO6H/RGB4zDuQpbAbTLt:ccK2Ln3s180f/z0bTp
Static task
static1
Behavioral task
behavioral1
Sample
5bf507937115c6074074caf023da2c3d_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
asd2xxx.duckdns.org:1445
993def5db6bb457e
-
reg_key
993def5db6bb457e
-
splitter
@!#&^%$
Targets
-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
Suspicious use of SetThreadContext
-