General
-
Target
70e3896b13db4db7b682f7beb9c00511_JaffaCakes118
-
Size
98KB
-
Sample
240525-fbyl6aeg5y
-
MD5
70e3896b13db4db7b682f7beb9c00511
-
SHA1
89f9590ade37b275b68f40d6ec6a85afb4026982
-
SHA256
1f6e992bb9f1e4ba2640df7f5f44036fd70696c9b3f3d7a18562bb28fbf3b0e2
-
SHA512
520be39eee46632f1e92c3d8f2cd8f360f0f6ec7956be7f31c6ff90f7687e28d825697fc60c8c1cdf038ec8ef0fc966939152d4ad70e0f5ac84c5c8985600a1d
-
SSDEEP
3072:ta14OKVT8jdyvjMcDm3oGGw8iAdO229D3L0/:ta11KeAjM6m4m8iAdO20LL0/
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
medallos.duckdns.org:2054
89a15ad405
-
reg_key
89a15ad405
-
splitter
@!#&^%$
Targets
-
-
Target
sample
-
Size
137KB
-
MD5
22ae02a0257adbbf653910e99f3cf6cc
-
SHA1
1b610c0bca5caf1e5bdcd409949c269b7e51313d
-
SHA256
812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf
-
SHA512
3c5abc665e103cc039edbc58ac3828d6a9cd44254616dd27bd4623e7aff6ba488440edb1732a521738ecfbd0918c1c1cdcf3c4169d1220f3f85a54db5aed4470
-
SSDEEP
3072:s59ZqNXGJoDAsdXMuhuz+bAd7j5+XpidGClihmQi:ccG2DAoIz3nFdBi
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-