General

Target: 992df14edd25e8988a892d95293c54bb_JaffaCakes118
Size: 489KB
Sample: 240605-zcg6cahf95
MD5: 992df14edd25e8988a892d95293c54bb
SHA1: b064c32b71e598b65cb199e955c489777b0c9f8a
SHA256: 514e28bcbebe384b8fb709dcce50863dfffecebfa6b103b2008c60f58fb4bddc
SHA512: 14bfa5e14f93ca1320b2bec29e57f4d8a3a940e0b225d9f6074192712eb098932ea6deab626bc3b150eff02549354ad29804ac5357af722d2b20ea189468b4f9
SSDEEP: 12288:ZRl+2QMSc+ZqLOz7dKFHeSJ7zdGsPpv2NwdA:uZjKNeSJ7zdGshk
Static task: static1

Behavioral task: behavioral1
  Sample: 992df14edd25e8988a892d95293c54bb_JaffaCakes118.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 992df14edd25e8988a892d95293c54bb_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config

Extracted family: netwire
C2: fdghfghdfghjhgjkgfgjh234569.ru:6973
activex_autorun: false
copy_executable: false
delete_original: false
host_id: a2nw
lock_executable: false
mutex: MRKRwsXI
offline_keylogger: false
password: rdfs34df32sdf
registry_autorun: false
use_mutex: true
Targets

Target: 992df14edd25e8988a892d95293c54bb_JaffaCakes118
Size: 489KB
Score: 10/10

Signatures:
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check before running.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (note that the extracted NetWire config has registry_autorun set to false, so this Run key is not written by the payload's own autorun option and more likely comes from the dropper stage)
- Suspicious use of SetThreadContext (a common step in process hollowing and other thread-hijacking injection)
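The extracted config above gives a handful of hunting indicators of very different quality: the C2 hostname and the mutex name are specific to this build, while the bare TCP port and the Run key write (also listed under Signatures) are generic. The following is an added example, not part of the sandbox report or of any vendor tooling, that turns those values into tiered detection rules and runs them over constructed telemetry. The hostname, port, mutex and SHA256 are copied from the report; every log line, IP address, SID, path, PID and timestamp is invented for illustration, and the log formats are only loosely modelled on a resolver log, Sysmon events 3 and 13, and a sandbox mutex export.

```python
"""Hunt for the indicators extracted from this NetWire sample in raw telemetry.

Added example, not part of the sandbox report.  The hostname, port, mutex and
SHA256 are copied from the report above; the log lines and their formats are
constructed for illustration only.
"""
import re
from typing import List, Tuple

# Values taken from the extracted config / hash block on this page.
C2 = "fdghfghdfghjhgjkgfgjh234569.ru:6973"
MUTEX = "MRKRwsXI"
SAMPLE_SHA256 = "514e28bcbebe384b8fb709dcce50863dfffecebfa6b103b2008c60f58fb4bddc"


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split the report's host:port string into (lowercase hostname, port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


C2_HOST, C2_PORT = parse_c2(C2)

# Constructed telemetry (NOT from the sandbox run): invented IPs, SID, paths,
# PIDs and timestamps.  The last line is a deliberate near-miss on the mutex.
SAMPLE_LOGS = [
    "2024-06-05T10:01:02Z dns client=10.0.0.15 qname=FDGHFGHDFGHJHGJKGFGJH234569.ru type=A",
    "2024-06-05T10:01:03Z sysmon eid=3 image=C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe dst=203.0.113.7:6973 proto=tcp",
    "2024-06-05T10:01:04Z sysmon eid=13 target=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update details=C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe",
    "2024-06-05T10:01:05Z sandbox mutex name=MRKRwsXI pid=2244",
    "2024-06-05T10:02:00Z dns client=10.0.0.22 qname=www.example.com type=A",
    "2024-06-05T10:02:01Z sysmon eid=3 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=198.51.100.9:443 proto=tcp",
    "2024-06-05T10:02:02Z sandbox mutex name=MRKRwsXI_copy pid=2300",
]

# (rule name, confidence, pattern).  Hostname and mutex are build-specific, so
# high confidence; the bare port and a generic Run-key write are medium.
# The hostname rule is case-insensitive (DNS names are) and anchored so that
# subdomains match but longer labels that merely contain the name do not; the
# mutex rule uses word boundaries so "MRKRwsXI_copy" is not a hit.
RULES: List[Tuple[str, str, "re.Pattern[str]"]] = [
    ("netwire_c2_domain", "high",
     re.compile(r"(?<![\w-])" + re.escape(C2_HOST) + r"(?![\w-])", re.IGNORECASE)),
    ("netwire_mutex", "high",
     re.compile(r"\bmutex name=" + re.escape(MUTEX) + r"\b")),
    ("netwire_c2_port", "medium",
     re.compile(r"\bdst=\d{1,3}(?:\.\d{1,3}){3}:" + str(C2_PORT) + r"\b")),
    ("run_key_autorun", "medium",
     re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)),
]


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (rule, confidence, line) for every rule that fires on a line."""
    hits = []
    for line in lines:
        for name, conf, pat in RULES:
            if pat.search(line):
                hits.append((name, conf, line))
    return hits


def verdict(lines: List[str]) -> str:
    """Collapse all hits on a host's telemetry to 'high', 'medium' or 'none'."""
    confs = {conf for _, conf, _ in scan(lines)}
    if "high" in confs:
        return "high"
    if "medium" in confs:
        return "medium"
    return "none"


def matches_sample(sha256_hex: str) -> bool:
    """True if a file hash (any case, surrounding whitespace ok) is this sample."""
    return sha256_hex.strip().lower() == SAMPLE_SHA256


if __name__ == "__main__":
    for name, conf, line in scan(SAMPLE_LOGS):
        print(f"[{conf}] {name}: {line}")
    print("verdict:", verdict(SAMPLE_LOGS))
```

The port rule is kept at medium on purpose: 6973 is an arbitrary high port that will also appear in unrelated traffic, so on its own it should raise a look, not an alert. Swap `SAMPLE_LOGS` for real lines of the same shape, or adjust the regexes to your own log formats.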