c:\Users\Jamie\Desktop\ffs\attempt2\obj\x86\Debug\MultiGameTool.pdb
Overview
overview
10Static
static
10Rekt/Rekt/...LS.rtf
windows7-x64
4Rekt/Rekt/...LS.rtf
windows10-2004-x64
1Rekt/Rekt/...ol.exe
windows7-x64
3Rekt/Rekt/...ol.exe
windows10-2004-x64
3Rekt/Rekt/...33.exe
windows7-x64
10Rekt/Rekt/...33.exe
windows10-2004-x64
10Rekt/Rekt/JRPC.dll
windows7-x64
3Rekt/Rekt/JRPC.dll
windows10-2004-x64
3Rekt/Rekt/...rk.dll
windows7-x64
1Rekt/Rekt/...rk.dll
windows10-2004-x64
1Rekt/Rekt/Nipples.dll
windows7-x64
3Rekt/Rekt/Nipples.dll
windows10-2004-x64
3Rekt/Rekt/...ss.exe
windows7-x64
10Rekt/Rekt/...ss.exe
windows10-2004-x64
10Rekt/Rekt/xdevkit.dll
windows7-x64
1Rekt/Rekt/xdevkit.dll
windows10-2004-x64
1Behavioral task
behavioral1
Sample
Rekt/Rekt/#REKTEDTOOLS.rtf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Rekt/Rekt/#REKTEDTOOLS.rtf
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Rekt/Rekt/#RektedToolsMultiGameTool.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Rekt/Rekt/#RektedToolsMultiGameTool.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Rekt/Rekt/33333333333.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Rekt/Rekt/33333333333.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Rekt/Rekt/JRPC.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Rekt/Rekt/JRPC.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Rekt/Rekt/MetroFramework.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Rekt/Rekt/MetroFramework.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Rekt/Rekt/Nipples.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Rekt/Rekt/Nipples.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Rekt/Rekt/UpdaterBypass.exe
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
Rekt/Rekt/UpdaterBypass.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Rekt/Rekt/xdevkit.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Rekt/Rekt/xdevkit.dll
Resource
win10v2004-20240802-en
General
-
Target
f0dfe6865f1a78a0aa9322ad5f44aa38_JaffaCakes118
-
Size
10.2MB
-
MD5
f0dfe6865f1a78a0aa9322ad5f44aa38
-
SHA1
2f46d15bac4377fa0eb80ae808890b682a0bc5f2
-
SHA256
50d9e490042d226bfaeef0b39c7903d4e166803fd743f6e6a7a6c2aaadfd933c
-
SHA512
9f40c9abd1e01ca9ed49679fbfdd340b3f36e7eb470ba489882f73bfa4ac7a0fc359d1b3641079b75e18ac4a1b17fd974361fd842c19694688c58b63ea978b4b
-
SSDEEP
196608:bxKVueahTl5JzepP4sd/Pa8mxOjvtV/eU9GU9eCLs+S939fH1DcV:lKVW1lHzgXPadovtV/egRpY7fH1DcV
Malware Config
Signatures
-
Njrat family
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource unpack001/Rekt/Rekt/#RektedToolsMultiGameTool.exe unpack001/Rekt/Rekt/33333333333.exe unpack001/Rekt/Rekt/JRPC.dll unpack001/Rekt/Rekt/MetroFramework.dll unpack001/Rekt/Rekt/Nipples.dll unpack001/Rekt/Rekt/UpdaterBypass.exe unpack001/Rekt/Rekt/xdevkit.dll
Files
-
f0dfe6865f1a78a0aa9322ad5f44aa38_JaffaCakes118.rar
-
Rekt/Rekt/#REKTEDTOOLS.rtf.rtf
-
Rekt/Rekt/#RektedToolsMultiGameTool.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 777KB - Virtual size: 776KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Rekt/Rekt/33333333333.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Rekt/Rekt/JRPC.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Users\Deathy\Desktop\DLL's\JRPC\obj\x86\Debug\JRPC.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Rekt/Rekt/JtagIMG.bmp
-
Rekt/Rekt/MetroFramework.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Rekt/Rekt/Nipples.dll.dll windows:4 windows x86 arch:x86
790a9ea28a746f3c6c07a3bd3a2b6020
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
ReadFile
CreateFileA
WideCharToMultiByte
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetProcAddress
ExitProcess
FreeLibrary
LoadLibraryA
WaitForSingleObject
CloseHandle
CreateEventA
DisableThreadLibraryCalls
lstrcatA
IsBadReadPtr
lstrlenA
VirtualProtect
Sleep
SetEvent
SetEnvironmentVariableA
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
MultiByteToWideChar
GetLastError
InterlockedIncrement
SetFilePointer
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
IsBadWritePtr
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetModuleFileNameA
GetCurrentProcess
VirtualQuery
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapCreate
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ResumeThread
CreateThread
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
user32
MessageBoxA
wsprintfA
UnregisterClassA
advapi32
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
oleaut32
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
VariantChangeType
SysStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayDestroyDescriptor
VariantClear
VariantInit
SysFreeString
GetErrorInfo
SysAllocString
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Exports
Exports
CheckRuntime
DNG_Runtime
GetUserString
RunHVM
Sections
.text Size: 168KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.hvm Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.hvm0 Size: 372KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Rekt/Rekt/UpdaterBypass.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 269KB - Virtual size: 269KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Rekt/Rekt/xdevkit.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ