Behavioral task
behavioral1
Sample
15eefc6f36908fb2b9f889f7e726660e_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
15eefc6f36908fb2b9f889f7e726660e_JaffaCakes118.exe
Resource
win10v2004-20240730-en
General
Target: 15eefc6f36908fb2b9f889f7e726660e_JaffaCakes118
Size: 103KB
MD5: 15eefc6f36908fb2b9f889f7e726660e
SHA1: b9591e5570bd17b8e03fcfb76ac10450d0e15ba5
SHA256: b5d2b1c680bfe8463e508d45ae7a0005705c5f02c753f354390f929c4fd31e9e
SHA512: 1ab07292c3035be937e2ed4c4e77f83bfddbebd558a9d0d5ce1b72e14d39ac8151e2b48a75451ba3fe0e1e569f3a78e03fe04472f28b7a2822fb95f56b2387d7
SSDEEP: 768:9bRNRMGmRVUFuNrM+rMRa8NucatzFSn2G:9bRN29VUw2+gRJNvE
Malware Config
Extracted
njrat
im523
ValPer PROTECT
192.168.0.103:1177
45e516a2514ecdb988d366d41acc6e1d
reg_key: 45e516a2514ecdb988d366d41acc6e1d
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15eefc6f36908fb2b9f889f7e726660e_JaffaCakes118
Files
15eefc6f36908fb2b9f889f7e726660e_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ