General
Target: 20f6117d283429b37fe69bac1c359ae2
Size: 483KB
Sample: 201214-zhayr4gvy2
MD5: 20f6117d283429b37fe69bac1c359ae2
SHA1: b7da29f00ccbc21afcdee37e555881bbeafc8dd3
SHA256: 0c8e9450e4da34f82d2c7dc00dc2969fd1557fd074ba1ba5e743cfeebd010634
SHA512: f989093dcc5c5bad8bd4d6224d5153170f1f3be5f563c79ef0bdf4684abc4174a2d4c47b6f81eceb931cbb1077a35f0948a45bd09605430778e0f05c7b9d2db6
Static task: static1
Behavioral task: behavioral1
Sample: 20f6117d283429b37fe69bac1c359ae2.exe
Resource: win7v20201028
Malware Config
Extracted
njrat
0.7d
Victima
ctaenl.hopto.org:5552
a051d95b93b260b31c1eaef96aa2d0fa
reg_key: a051d95b93b260b31c1eaef96aa2d0fa
splitter: |'|'|
Targets
Target
20f6117d283429b37fe69bac1c359ae2
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext