Behavioral task
behavioral1
Sample
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
Target
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118
Size
23KB
MD5
7c0ef81ef52a99bc26a26aed61c6532d
SHA1
f0e189c7e4c75e0f0961e9f5150b1cebc07a440a
SHA256
81000dc1966cb3be3850943e75f6c08b97002c6b2aa1f020e4a74a0716b2de15
SHA512
cf5f9909f19e20fca38e67e0d7f20071de63ba31bd6132901f18254678f572fca172b22a01b5b6f517a6af7f30a0b786ddf5a04128e5cb9b6eabf179566dc0a6
SSDEEP
384:LY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZEP:0L2s+tRyRpcnul
Malware Config
Extracted
njrat
0.7d
Ratted
10.0.0.46:5552
e8c2fab912734648f8bb500fffb8db77
reg_key
e8c2fab912734648f8bb500fffb8db77
splitter
|'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118
Files
7c0ef81ef52a99bc26a26aed61c6532d_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ