General
Target: 921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118
Size: 647KB
Sample: 241124-daerjswpfk
MD5: 921f017a81f6d5b9ef1f7c02456ae2ed
SHA1: 0150383f1d396e3d8ae6cba10931c40631074a18
SHA256: 0eb998e122d7da2a5b25e06334a67011cada36a0e9f8faf7459aaa410501fab2
SHA512: 3d70d51524e45579db11a32148338767310df164828a3b7bfdd8e20cc6a41ca4136b33cc1646d12f902d4d031e29e344b414b863be1f0e7d746374ff4d1cc8e1
SSDEEP: 12288:IWAtyUBBIZ+T4nX03dvxlO6n/LJaJGHoAu/5G4CZUqejc+:FzyT3dvbO6nzJaJyoAMQ4CZUF
Static task: static1
Behavioral task: behavioral1
Sample: 921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
njrat
0.7d
Miki
miki228.no-ip.biz:3333
cd89814ed610dfb76df931218aa9422a
reg_key: cd89814ed610dfb76df931218aa9422a
splitter: |'|'|
Targets
Target: 921f017a81f6d5b9ef1f7c02456ae2ed_JaffaCakes118
Njrat family

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

AutoIT Executable
AutoIT scripts compiled to PE executables.

Suspicious use of SetThreadContext