General
-
Target
64a4318e9752ab10484cdcd3427fd211_JaffaCakes118
-
Size
43KB
-
Sample
240521-y5yhcshd2z
-
MD5
64a4318e9752ab10484cdcd3427fd211
-
SHA1
54b0b70bae6f7ba7648bf31bbd9c5d4244102b57
-
SHA256
171a802411d9ae1c3cb973b359b654caaad5dacf07ed37e3ceda7ed0ab47f42c
-
SHA512
d2dc4ea6af5aa6e134e8f94dd0c4f30bd3c9655a4d786fc39bfc053748d08b1e97186fd69231047dcb421845f750ba75702eaad52b2f002450977b6d4b2a59b9
-
SSDEEP
384:2ZyZsFgpWoy7OJ7FuywEBYXAkXzYIij+ZsNO3PlpJKkkjh/TzF7pWnNmwgreT0pO:sZWol7M7FR6Q8uXQ/oYm0+L
Behavioral task
behavioral1
Sample
64a4318e9752ab10484cdcd3427fd211_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
64a4318e9752ab10484cdcd3427fd211_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed2334
127.0.0.1:5057
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
64a4318e9752ab10484cdcd3427fd211_JaffaCakes118
-
Size
43KB
-
MD5
64a4318e9752ab10484cdcd3427fd211
-
SHA1
54b0b70bae6f7ba7648bf31bbd9c5d4244102b57
-
SHA256
171a802411d9ae1c3cb973b359b654caaad5dacf07ed37e3ceda7ed0ab47f42c
-
SHA512
d2dc4ea6af5aa6e134e8f94dd0c4f30bd3c9655a4d786fc39bfc053748d08b1e97186fd69231047dcb421845f750ba75702eaad52b2f002450977b6d4b2a59b9
-
SSDEEP
384:2ZyZsFgpWoy7OJ7FuywEBYXAkXzYIij+ZsNO3PlpJKkkjh/TzF7pWnNmwgreT0pO:sZWol7M7FR6Q8uXQ/oYm0+L
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-