Behavioral task
behavioral1
Sample
1232f23a6928a1f33a3b02fa3ed25950_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
1232f23a6928a1f33a3b02fa3ed25950_JaffaCakes118.exe
Resource
win10v2004-20240730-en
General
-
Target
1232f23a6928a1f33a3b02fa3ed25950_JaffaCakes118
-
Size
23KB
-
MD5
1232f23a6928a1f33a3b02fa3ed25950
-
SHA1
7189c63728d3c523424cbe2cfc3edd341effd3c9
-
SHA256
c077c3622a982da88651820ac9d01abb5985a645584cae161ddf19115821e67a
-
SHA512
da508e332fbd507a9562a66a3d9d2c652591877402d50e7504d2cd775977d6fda08e389ae4d46e2173650d81e7473b8896abe5014ea7498969d44c804d73d890
-
SSDEEP
384:40jeCIYTNQZUuQnJXJeCXlwhPQ6VgDOwBHhdmRvR6JZlbw8hqIusZzZ4W:/3jNAU/ZVX6RpcnuA
Malware Config
Extracted
njrat
0.7d
Runtime Boker
qgoldtnt.ddns.net:1177
e32abd1bd2a8f5b2eeaa4fb87ed1123c
-
reg_key
e32abd1bd2a8f5b2eeaa4fb87ed1123c
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1232f23a6928a1f33a3b02fa3ed25950_JaffaCakes118
Files
-
1232f23a6928a1f33a3b02fa3ed25950_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ