Behavioral task
behavioral1
Sample
28262e1a96080650dec8256ab64148dd_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
28262e1a96080650dec8256ab64148dd_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
28262e1a96080650dec8256ab64148dd_JaffaCakes118
-
Size
32KB
-
MD5
28262e1a96080650dec8256ab64148dd
-
SHA1
69846595e644115cc919efa3216ea95c229db930
-
SHA256
3eb2cb23d9aa44b1587b2bee60549a56fee805655eaafaefe09dc651fa6d2ab3
-
SHA512
5ee4005d54291f3e7c54978c07916a9a66160799c038bbe07c573486df2350c2233268f3201eb56db1506992a1c44c9042b9ffcfeb86fa8ee3aa79c7f21c1230
-
SSDEEP
384:J0bUe5XB4e0XGORww0Q0mS03AWTxtTUFQqzFrhObbN:yT9BuVH55dyGbN
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
facebook-sports.publicvm.com:6666
6f78dc8874a344b5bf
-
reg_key
6f78dc8874a344b5bf
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28262e1a96080650dec8256ab64148dd_JaffaCakes118
Files
-
28262e1a96080650dec8256ab64148dd_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ