General
-
Target
c6a3722aa9098d983ebeb9163d366627_JaffaCakes118
-
Size
582KB
-
Sample
240828-l4c4tawcll
-
MD5
c6a3722aa9098d983ebeb9163d366627
-
SHA1
eba9fae31dc82786ebf4d75489058ac470b23c55
-
SHA256
e7ab67984c2003f38266126541796ff26be38445a24137887f1aee169c816969
-
SHA512
9eabcd2838570d4502977cc12e85d92f24c08ee5916965bc940d3416ec17df3bb2c40914baee65a5984065bce1b4c79e771f0bf513525b912be0d01ddf253638
-
SSDEEP
6144:+/iQb+ckQsH8TDRGKJkSvGUlYG2Ks49gDmt3bN0uh+q8Q6ZJt8MCzJFQepf2klj:9Qnk3GDYKGcblfd9gDmtrN0pq8Qa7Q5
Static task
static1
Behavioral task
behavioral1
Sample
c6a3722aa9098d983ebeb9163d366627_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c6a3722aa9098d983ebeb9163d366627_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
eroxsik1241
eroxsik.ddns.net:5552
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
c6a3722aa9098d983ebeb9163d366627_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-