General
-
Target
8082dc64e072c3c1c816fb10d54c5b46_JaffaCakes118
-
Size
491KB
-
Sample
240529-m3kmyacc51
-
MD5
8082dc64e072c3c1c816fb10d54c5b46
-
SHA1
6bc3ae1761044e8ebb7c036de98ca016a7371181
-
SHA256
e5dd0b5a738b20ca30fd528b3d73561bb04c4cf1f4df523b896c3b6757c28336
-
SHA512
d49ca18f0bab5125bffff85c43e7387f0441f59bd54a499049d34ef6e29a459dccb24d92d8ed0f60c1bfd13938a68ad41ea28b83430e2d38c0cf7ed82d072456
-
SSDEEP
6144:JdSIHx/C9akzPAJUoofUXunIn6SY7XnETQRWaE4I8Kavb:WDraveOY7eQRWaM8dvb
Static task
static1
Behavioral task
behavioral1
Sample
8082dc64e072c3c1c816fb10d54c5b46_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8082dc64e072c3c1c816fb10d54c5b46_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7 MultiHost
nova
1a9c91f6e0310d4f55b7ee7f22c2c9df
-
reg_key
1a9c91f6e0310d4f55b7ee7f22c2c9df
-
splitter
|'|'|
Targets
-
-
Target
8082dc64e072c3c1c816fb10d54c5b46_JaffaCakes118
-
Score
10/10
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-