General
Target: ZAgNhZBG.exe
Size: 23KB
Sample: 201221-dp5bj79tvx
MD5: 5859e656d5735eb9a1eeae9a94a3cc16
SHA1: 85c1ab9c6fe450a83fb2cc1681b45272020ce5a6
SHA256: 4c91e5ce3dc54a407d6fce46eede37d2e2343f4db688e158e23abb543ce5a350
SHA512: 8cce673a45d5aa0fde559311466f318a645a47be5da350e6743cc291b88ad0a90c805d0b0185940f34e192fa7011e731157aca0b82627f17e02e227f498f0c68
Static task: static1
Behavioral task: behavioral1
Sample: ZAgNhZBG.exe
Resource: win7v20201028
Malware Config
Extracted
njrat
0.7d
HacKed
xoruf.ddns.net:5552
d8f3c9bf39e889408d972a936cea46cc
reg_key: d8f3c9bf39e889408d972a936cea46cc
splitter: @!#&^%$
Targets
Target: ZAgNhZBG.exe
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext