General
Target: OrderRequest29032021_BituChemLtd.exe
Size: 363KB
Sample: 210329-sj3qn1y39x
MD5: 5668a086e3c47ec9cdb8c02b36fd3395
SHA1: 263b69b49ad9ab8237f706f91f42ff889d939f61
SHA256: 4b1cbc04c8e1b83928148304d772cbf7c55b7aaedf520720b2bf2a6a77fd34a3
SHA512: 12d8b17d413cbe4fd3853f548db9984175c0d90385b2ea6b9b6ba37672ae90f31f44f33ac242654e144a54806eab08ce6b43da7581b6daf5e6a2e3decfa41c7e
Static task: static1
Behavioral task: behavioral1
Sample: OrderRequest29032021_BituChemLtd.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: OrderRequest29032021_BituChemLtd.exe
Resource: win10v20201028
Malware Config
Extracted
njrat
0.7d
2021$$$
194.5.98.210:4040
0ef5de3f5b1fb89677ba03e41fa0a05a
reg_key: 0ef5de3f5b1fb89677ba03e41fa0a05a
splitter: |'|'|
Targets
Target: OrderRequest29032021_BituChemLtd.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext