General
Target: 9c825845a54d8a84d07719600b7b9600_JaffaCakes118
Size: 23KB
Sample: 240611-bb1z3aybpq
MD5: 9c825845a54d8a84d07719600b7b9600
SHA1: 6513a143c2effa6435ae7545ab71f850228c3ab8
SHA256: 9535b41aae9d82f739b76603a5844609b047a208b39e093e47e49fdf364add2d
SHA512: 0fd0f54cf22b3b877116ee3aa5ce423fd0297122e884c6119b1d8a05e67ba5e6f6b8186874dbb959ec97090325fd6c9cccf2e92064561736e93a4e546c82e5e6
SSDEEP: 384:w3gexUw/L+JrgUon5b9uSDMwT9Pfg6NgrWoBYi51mRvR6JZlbw8hqIusZzZ5k:WIAKG91DP1hPRpcnux
Behavioral task
behavioral1
Sample: 9c825845a54d8a84d07719600b7b9600_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
njrat
0.7d
Lammer
luanzin.duckdns.org:8080
a3bb610807ca79c4f146656f4f6a1783
reg_key: a3bb610807ca79c4f146656f4f6a1783
splitter: |'|'|
Targets
Target: 9c825845a54d8a84d07719600b7b9600_JaffaCakes118
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL