General
- Target: 2021-04-22 RFQ.exe
- Size: 328KB
- Sample: 210422-av81j3j1z2
- MD5: b29cb4fb6d8c783a980e0a9b1204ada2
- SHA1: a0aa15dbbd56f6c1a7d64c979b7cc2b824723f59
- SHA256: cc51fd756b80ed81ee15de579a2d61242a339de120f50bb39dd2301fd4e02405
- SHA512: 47c65b3a2e1983393821ee762c4b6164203a707262dfe1a46c449f567db2d0b063c4c4ce00453ed7ed56af42b82db291e0dda2e51ef0fa2128ef5bb1ed4b6b9a
Static task: static1
Behavioral task: behavioral1
- Sample: 2021-04-22 RFQ.exe
- Resource: win7v20210410
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- 2021$$$
- C2: 194.5.98.210:4040
- 0ef5de3f5b1fb89677ba03e41fa0a05a
- reg_key: 0ef5de3f5b1fb89677ba03e41fa0a05a
- splitter: |'|'|
Targets
- Target: 2021-04-22 RFQ.exe
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext