General
Target: aff78e3bfeb28385f20384fc6e3f3327
Size: 100KB
Sample: 201214-yxjrwylq8e
MD5: aff78e3bfeb28385f20384fc6e3f3327
SHA1: d448f9c3a5df6c8ae81e3178f14b39ce63619b7d
SHA256: 3f79c48003089ef4f35e9fdcfaeba9323c1a80251e91a3f1bd3673d2ec02a506
SHA512: 9e7fbbe9ba4914828859936f5ad6330a65b1aa58afe26a611a0b6f3d16a5387a4b707790ccb2d67a822f6fc14c4f92b48fbbfffc3af4a04e329daf78ca1d54ee
Static task: static1
Behavioral task: behavioral1
Sample: aff78e3bfeb28385f20384fc6e3f3327.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: aff78e3bfeb28385f20384fc6e3f3327.exe
Resource: win10v20201028
Malware Config
Extracted
njrat
0.7d
neuf
doddyfire.linkpc.net:10000
e1a87040f2026369a233f9ae76301b7b
reg_key: e1a87040f2026369a233f9ae76301b7b
splitter: |'|'|
Targets
Target: aff78e3bfeb28385f20384fc6e3f3327
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext