General
-
Target
6cad475c6e8c9139055b3bdf3d716113_JaffaCakes118
-
Size
31KB
-
Sample
240523-3rxq5adg56
-
MD5
6cad475c6e8c9139055b3bdf3d716113
-
SHA1
346ce2065899cc85fa1f752f8c88a45891f8c95d
-
SHA256
22c4762706b5affeb8e1b88a68616d42d72ef851def63908561a4ddb3b4914b4
-
SHA512
a592568b64a85ebe5818459237464fa9f646455c3a53a8cdae906e6ee1190b178369d1b4b157f01d806333d5577544f15a3c01598b94405b798c11619b205e41
-
SSDEEP
768:i/0JRmRzj+zxJ+hyAscnhTXv6woQmIDUu0tiFmj:fMa0jD3oQVk9j
Behavioral task
behavioral1
Sample
6cad475c6e8c9139055b3bdf3d716113_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
njrat
0.7d
MyBot
192.168.0.108:6522
7004a169caddc15ac96f95a3f349997f
-
reg_key
7004a169caddc15ac96f95a3f349997f
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
6cad475c6e8c9139055b3bdf3d716113_JaffaCakes118
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-