General
-
Target
03cb57011a5d97ea77106542e0b52fa6_JaffaCakes118
-
Size
45KB
-
Sample
240622-zegbtstare
-
MD5
03cb57011a5d97ea77106542e0b52fa6
-
SHA1
be45b9a381941b78abc74cb3589c04a13bd81761
-
SHA256
3cd2b93b5e1a87261fc6ac3f0a424ceb3cdf7bd967cbe9c23282743bcb143e19
-
SHA512
631fa33611753b1a71f57c73e10b7eaa7e87699c58a2df2af26bb0b1afc59f91c49764ca7528d2c9c039245efd3886f14cfaa61b49edf0644bbb2f1db186f78a
-
SSDEEP
768:BapD+Zwq3r1uFbaYh+Jnq7az+xRug+n2hpUE+fDNkQp6HwfYT4X9b1S5HeQMKz:BgD+HZuY5q7az+GgDbUfZkQTfA4Xl1SB
Static task
static1
Behavioral task
behavioral1
Sample
03cb57011a5d97ea77106542e0b52fa6_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
03cb57011a5d97ea77106542e0b52fa6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
B HAT
1fcb8fb3a4794ae29f1b8ef01d138a35
-
reg_key
1fcb8fb3a4794ae29f1b8ef01d138a35
-
splitter
|'|'|
Targets
-
-
Target
03cb57011a5d97ea77106542e0b52fa6_JaffaCakes118
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-