Behavioral task
behavioral1
Sample
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118
-
Size
23KB
-
MD5
5ea52f0824d8cdf4dd40c3e007a1bafa
-
SHA1
d5058b117ce1c2b0d4277a28da403e954b97545c
-
SHA256
4f76232b0a33d19527d88d9c2c5d0134bee65501122a21acb8ae6ec48903e45f
-
SHA512
275f02c636dff7505eb23d7eeddc4e34e364093887224a1040f7c9bfeea5298a2b95869d1146fc32abc141cef723efc1f1c4a48da155e15476176ba44ccb7441
-
SSDEEP
384:OwTSiYWD2Z7w3CsJeiecwJ3fw6FgzeAh33RtmRvR6JZlbw8hqIusZzZ9M:lvZiBK1edJRpcnu9
Malware Config
Extracted
njrat
0.7d
VICTIME
vendetta2020.ddns.net:5552
8541e6390ca03a5ae76a86b0f2df0b93
-
reg_key
8541e6390ca03a5ae76a86b0f2df0b93
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118
Files
-
5ea52f0824d8cdf4dd40c3e007a1bafa_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ