General
-
Target
rTay7rkg.exe
-
Size
23KB
-
Sample
201120-5kxml3lh1e
-
MD5
b3c9f88e4582e86a1d7bb0e8cfa0299f
-
SHA1
63fb8cc77150d8e672279907259c4da4b69a5651
-
SHA256
14dab534b57de16260131063371f80155f250eabfcab9caaf3f6785a64f0bae5
-
SHA512
7749cc3f9a8d8c6ee19e8743028cc97a9d6b1e9e15b8fa2fae1264b4f90130b0ed22f0e583477b6bd01b6061ca748b1f22efb0347b69279b621d76193f300734
Static task
static1
Behavioral task
behavioral1
Sample
rTay7rkg.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
rTay7rkg.exe
Resource
win10v20201028
Malware Config
Extracted
njrat
0.7d
Bouffon
njrat93.hopto.org:5554
922bd43c3c9463391bee6d7111ec98ad
-
reg_key
922bd43c3c9463391bee6d7111ec98ad
-
splitter
|'|'|
Targets
-
-
Target
rTay7rkg.exe
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-