General
-
Target
S004-3664565-pdf.exe
-
Size
298KB
-
Sample
210412-wvtxh5khpj
-
MD5
47dc4ca4a458ec3b47e4c73311f39b98
-
SHA1
0dd7495d2900aef8c03fe3e09eef0fa758619c9b
-
SHA256
e8aa1d569976cfe238848da7f84e6ecc042f7864d9de6533988d6777d334ade5
-
SHA512
7e0772feea9f8a7860be3b80625533ec93d7ec7e84b03b8c651d56e6b0e9983e967c2c30b80fcac79962053073adf74f127a91b68e2eb235224c4a429fe1c71b
Static task
static1
Behavioral task
behavioral1
Sample
S004-3664565-pdf.exe
Resource
win7v20210408
Malware Config
Extracted
njrat
0.7d
2021$$$
194.5.98.210:4040
0ef5de3f5b1fb89677ba03e41fa0a05a
-
reg_key
0ef5de3f5b1fb89677ba03e41fa0a05a
-
splitter
|'|'|
Targets
-
-
Target
S004-3664565-pdf.exe
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-