General
-
Target
JaffaCakes118_46811c1d5ee6760733f363749071f92e
-
Size
127KB
-
Sample
250101-em99natphx
-
MD5
46811c1d5ee6760733f363749071f92e
-
SHA1
2c10273e7f7b5be5b8b07c9188f07b44a450166c
-
SHA256
15d12789262a679cbefc1b5c4df5432e0592e0b5013c484c82b3a61f524a1365
-
SHA512
c278092003c4092ea8a5fd8037869a3c6b1ea284862e3da4389d94d2af28251e83be1946114b5d29220f6c27a115d1ff454f8b3fa13c095493a512fdfbee8c20
-
SSDEEP
3072:vTjUek9zjP62dkHEgitptSt+X9JvGdA0U3IZ0U+bZ0tm:vejPVkEgijt4OV+U3sJm
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_46811c1d5ee6760733f363749071f92e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_46811c1d5ee6760733f363749071f92e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
Update
194.34.132.153:1604
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
JaffaCakes118_46811c1d5ee6760733f363749071f92e
-
Size
127KB
-
MD5
46811c1d5ee6760733f363749071f92e
-
SHA1
2c10273e7f7b5be5b8b07c9188f07b44a450166c
-
SHA256
15d12789262a679cbefc1b5c4df5432e0592e0b5013c484c82b3a61f524a1365
-
SHA512
c278092003c4092ea8a5fd8037869a3c6b1ea284862e3da4389d94d2af28251e83be1946114b5d29220f6c27a115d1ff454f8b3fa13c095493a512fdfbee8c20
-
SSDEEP
3072:vTjUek9zjP62dkHEgitptSt+X9JvGdA0U3IZ0U+bZ0tm:vejPVkEgijt4OV+U3sJm
Score10/10-
Njrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-