General
-
Target
d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
-
Size
229KB
-
Sample
210513-cdprj8z7en
-
MD5
4ea8e403e744f198c103e66e287b9731
-
SHA1
6ce569d8fe513df0e931a57381397f595a9062e9
-
SHA256
d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
-
SHA512
290c665545d43f1259f51df28380a684f603244e074c28e0f7773edd9f3ece1167d589b063c692a7987761e1c624783dddd51df2381f58de8071afd206b837c9
Static task
static1
Behavioral task
behavioral1
Sample
d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38.exe
Resource
win10v20210410
Malware Config
Extracted
njrat
0.7d
HacKed
alonewolf-45132.portmap.host:59129
d17de3a1ae19a122b329daf28aa6ff3b
-
reg_key
d17de3a1ae19a122b329daf28aa6ff3b
-
splitter
|'|'|
Targets
-
Target
d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-