General
Target: qkZKfZTC9ZEN8z2.exe
Size: 383KB
Sample: 201226-lvsavs9hj6
MD5: 170f90d6d9b128a8af103c8003539a54
SHA1: 35a2f8791679b7b17fbb2758a4de717bf1314039
SHA256: b34672c7194dc439e09164ea39449d529a1efde6029f18edadb26e399591c68f
SHA512: 512a34561fe2528287308738999ec9d58c1690098673af9cde7b429b7e307c21a9dd4c9e642514c7f51cf2971bafc975354f8d147b954292b1a4f12becdbac98
Static task: static1
Behavioral task: behavioral1 (sample qkZKfZTC9ZEN8z2.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample qkZKfZTC9ZEN8z2.exe, resource win10v20201028)
Malware Config
Extracted: njrat
Version: 0.7d
Botnet / campaign ID: $$$$$$Fucking
C2: whmfix009.cf:5409
Mutex: f6a7c83d337d940f548e06019597f0a2
Attributes:
  reg_key: f6a7c83d337d940f548e06019597f0a2
  splitter: |'|'|
The same 32-character string is used both as the mutex name and as the value name the implant writes for persistence (reg_key); the splitter string is the delimiter njRAT places between fields in its C2 messages, which makes both values usable as host and network indicators.
Targets
Target: qkZKfZTC9ZEN8z2.exe (383KB; hashes as listed under General)
Score: 10/10
Signatures:
  Looks for VirtualBox Guest Additions in registry
  Executes dropped EXE
  Looks for VMWare Tools registry key
  Modifies Windows Firewall
  Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  Drops startup file
  Loads dropped DLL
  Adds Run key to start application
  Maps connected drives based on registry (Disk information is often read in order to detect sandboxing environments.)
  Suspicious use of SetThreadContext
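The extracted config and the behavioural signatures above are more useful as detection rules than as a flat list. The block below is an added example, not part of the sandbox report or the njRAT tooling: it turns the report's config values (C2 host and port, reg_key, splitter) and signatures (VM and BIOS registry checks, Run-key persistence, startup-folder drop, firewall change) into rules and runs them over constructed Sysmon-style events. The Event schema, the exact registry paths behind the VM checks, the netsh command line, the drop path and the event data are all this example's assumptions and are not quoted from the page.

```python
"""Added example (not from the report): host-side rules built from the extracted
njRAT config and the sandbox signatures, applied to constructed events."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Values quoted from the report's extracted config.
C2_HOST, C2_PORT = "whmfix009.cf", 5409
REG_KEY = "f6a7c83d337d940f548e06019597f0a2"  # Run-value name, also the mutex
SPLITTER = "|'|'|"                             # field delimiter in njRAT traffic

# Registry locations behind the VirtualBox / VMware / BIOS checks the report
# lists. These exact paths are this example's assumption, not quoted from it.
VM_CHECK_PATHS = (
    r"hklm\software\oracle\virtualbox guest additions",
    r"hklm\software\vmware, inc.\vmware tools",
    r"hklm\hardware\description\system\systembiosversion",
)
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run\\([^\\]+)$", re.I)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
NETSH_FW_RE = re.compile(r"\bnetsh\b.*\bfirewall\b.*\b(add|set)\b", re.I)


@dataclass
class Event:
    """One Sysmon-style event; the field names are this example's own schema."""
    kind: str            # reg_query | reg_set | file_create | proc_create | net_connect
    image: str           # process that produced the event
    detail: str          # registry path, file path, command line, or host:port
    payload: str = ""    # leading bytes of a network send, when a sensor captured them


def evaluate(events: List[Event]) -> Dict[str, List[int]]:
    """Map each rule name to the indices of the events that fired it."""
    hits: Dict[str, List[int]] = {}

    def fire(rule: str, idx: int) -> None:
        hits.setdefault(rule, []).append(idx)

    for i, e in enumerate(events):
        d = e.detail
        if e.kind == "reg_query" and d.lower().startswith(VM_CHECK_PATHS):
            fire("vm_or_bios_check", i)
        elif e.kind == "reg_set":
            m = RUN_KEY_RE.search(d)
            if m:
                fire("run_key_persistence", i)
                if m.group(1).lower() == REG_KEY:       # value name from the config
                    fire("njrat_known_reg_key", i)
        elif e.kind == "file_create" and STARTUP_RE.search(d):
            fire("startup_folder_drop", i)
        elif e.kind == "proc_create" and NETSH_FW_RE.search(d):
            fire("firewall_modification", i)
        elif e.kind == "net_connect":
            host, _, port = d.rpartition(":")
            if host.lower() == C2_HOST or port == str(C2_PORT):
                fire("njrat_c2_contact", i)
            if SPLITTER in e.payload:
                fire("njrat_splitter_in_traffic", i)
    return hits


def verdict(hits: Dict[str, List[int]]) -> str:
    """Config-bound rules identify this family; generic ones only raise suspicion."""
    specific = {"njrat_known_reg_key", "njrat_c2_contact", "njrat_splitter_in_traffic"}
    if specific.intersection(hits):
        return "malicious: njRAT (config match)"
    if len(hits) >= 3:
        return "suspicious: RAT-like behaviour"
    return "clean"


def sample_events() -> List[Event]:
    """Constructed events modelled on the report's signatures (not a real trace)."""
    exe = "qkZKfZTC9ZEN8z2.exe"
    dropped = r"C:\Users\victim\AppData\Roaming\server.exe"   # assumed drop path
    return [
        Event("reg_query", exe, r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"),
        Event("reg_query", exe, r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
        Event("reg_query", "explorer.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"),
        Event("reg_set", dropped, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\f6a7c83d337d940f548e06019597f0a2"),
        Event("file_create", dropped, r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f6a7c83d337d940f548e06019597f0a2.exe"),
        Event("proc_create", dropped, f'netsh firewall add allowedprogram "{dropped}" "server.exe" ENABLE'),
        Event("net_connect", dropped, f"{C2_HOST}:{C2_PORT}", payload=SPLITTER.join(["ll", "constructed-data"])),
    ]


if __name__ == "__main__":
    found = evaluate(sample_events())
    for rule, idxs in found.items():
        print(f"{rule:28s} events {idxs}")
    print(verdict(found))
```

Two caveats when moving this off the sandbox: default Sysmon configurations log registry value sets (Event ID 13) but not registry reads, so the VM/BIOS check rule needs a sandbox trace, ETW, or EDR telemetry that records queries; and a .cf domain and a single port are cheap for an operator to rotate, so the config-bound network rule should be paired with the mutex, reg_key and splitter indicators rather than used alone.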