General
-
Target
ErdS9XEU.exe
-
Size
23KB
-
Sample
201120-2bkl9pescn
-
MD5
b7f5f198a981cee4daddb7139f231436
-
SHA1
be9a7223747a1b70895302133b2e4868a82e74e3
-
SHA256
2f5cd6b013a52c1946739554d64f35f0af679025755c2191811045833d3ce7a4
-
SHA512
2eab72e5f0f7e03b523aecc0aec43d718191f7b21d8dccefea06a9cf4546960f8f52a86607d40552cd82358e0a759aeb268a04a456915811e068428a6736efb1
Static task
static1
Behavioral task
behavioral1
Sample
ErdS9XEU.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ErdS9XEU.exe
Resource
win10v20201028
Malware Config
Extracted
njrat
0.7d
Bouffon
njrat93.hopto.org:5554
922bd43c3c9463391bee6d7111ec98ad
-
reg_key
922bd43c3c9463391bee6d7111ec98ad
-
splitter
|'|'|
Targets
Target
ErdS9XEU.exe
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-