General
-
Target
zrr4Nw19.exe
-
Size
28KB
-
Sample
210102-d6xyjrefbe
-
MD5
98f22cce467d54a330bbbce9a0261a5a
-
SHA1
6cbd7608018a7d503e653f444004ca525d90875c
-
SHA256
7e31b3a603afe3a04745f35987db0d90e2643676b920df2185e11ae06ad32a4f
-
SHA512
7f2a7afcd1397f3f920da7b7585fdd948cff4b6e7944f83cd1bdc614d3db333a2c5dc2b3c85a61688d8d1e789ffb484425fa619e56d41a266eff2298f98d73f8
Static task
static1
Behavioral task
behavioral1
Sample
zrr4Nw19.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
zrr4Nw19.exe
Resource
win10v20201028
Malware Config
Extracted
njrat
0.7d
FKA
15ea4944f270282d46a1f0dd4d332e8f
-
reg_key
15ea4944f270282d46a1f0dd4d332e8f
-
splitter
|'|'|
Targets
-
-
Target
zrr4Nw19.exe
-
Size
28KB
-
MD5
98f22cce467d54a330bbbce9a0261a5a
-
SHA1
6cbd7608018a7d503e653f444004ca525d90875c
-
SHA256
7e31b3a603afe3a04745f35987db0d90e2643676b920df2185e11ae06ad32a4f
-
SHA512
7f2a7afcd1397f3f920da7b7585fdd948cff4b6e7944f83cd1bdc614d3db333a2c5dc2b3c85a61688d8d1e789ffb484425fa619e56d41a266eff2298f98d73f8
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-