General
-
Target
64d731b7bdbe7b1697fb1d97ca12505e_JaffaCakes118
-
Size
14KB
-
Sample
240521-1e17nsbb89
-
MD5
64d731b7bdbe7b1697fb1d97ca12505e
-
SHA1
82c98d771536d6207655afbce00fda763b9c362f
-
SHA256
0b12ff391a080d3b62c4ea0c2eba0a67eed8d26652c78a9f1654cb2e7213c20a
-
SHA512
e4e6361188e1e65e1621acd1b5a7ea1ac5a5a280ae3f07d1fb8804cd32caa538469d4dfa2e87f8b157d5a7bc248e8f7637e6a0627fdc1a55eb314ec10d5736c2
-
SSDEEP
384:/m0dWH0vos2ii8u+OjyzZc7BFzf+tjsQdHugSCJ5/ezd:RdWHNB+OjyOlFzcjsUugVod
Behavioral task
behavioral1
Sample
CL.exe
Resource
win7-20240508-en
Malware Config
Extracted
njrat
0.7d
q
192.168.1.3:7777
ad0e8fb502ecf928942daab540ba981e
-
reg_key
ad0e8fb502ecf928942daab540ba981e
-
splitter
Y262SUCZ4UJJ
Targets
-
Target
CL.exe
-
Size
31KB
-
MD5
d7e87763288419fb13d503ebb46bfbf2
-
SHA1
54b7f3497b1ac1767fbe9f830e9feba03482518b
-
SHA256
02879d94414bb75a4167bea440b3e538e13ddcb325a66d88404629afc83395dd
-
SHA512
6ccf406712260b1508347df04fc4e002f7572b04a974b203f0522132fa0051b1dc4e12710dba711cd54c3ee1e5bfa6b8f007ad214038c187c0eb924080fe7132
-
SSDEEP
768:+dQZlGFnf6zxV+Ny/kfxfbvCYoQmIDUu0ti0zGj:1Iq8bnoQVkej
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL