Behavioral task
behavioral1
Sample
248142aea460cc39937a45ddd2873c3a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
248142aea460cc39937a45ddd2873c3a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
248142aea460cc39937a45ddd2873c3a_JaffaCakes118
-
Size
36KB
-
MD5
248142aea460cc39937a45ddd2873c3a
-
SHA1
00d92a85c938e3449b7c8463c9b8465a0124498b
-
SHA256
3917248c65c30739e04d5a6141bdd0140b30852a2680698e083be03904c0341a
-
SHA512
c8ca79d6958fa694fb4c460b690a39e47ce9cce879502922d5bb825fcd7d47558b5d1ca6535c42ea81a8ed3e03b04a271594b5f2cade302c09ff3b67d86ea553
-
SSDEEP
384:H+qIiuVjtD+P3V+y0bf2TKtvN4suKfdrAF+rMRTyN/0L+EcoinblneHQM3epzXwq:eNmV10bf2TKtClK1rM+rMRa8NuNaWt
Malware Config
Extracted
njrat
im523
HacKed
192.168.0.104:25565
986c64151b7027cb49fc754500077dc6
-
reg_key
986c64151b7027cb49fc754500077dc6
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 248142aea460cc39937a45ddd2873c3a_JaffaCakes118
Files
-
248142aea460cc39937a45ddd2873c3a_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ