General
-
Target
SecuriteInfo.com.ArtemisCCFFA416D71A.3757.1626
-
Size
919KB
-
Sample
210712-eq3beqyl2n
-
MD5
ccffa416d71ae9cec2a09136a87a656e
-
SHA1
06ed67baace03cb08ac03b4b7ede85f716cd683f
-
SHA256
5750ac496c4e8a62e2f46af468ec5a2fdbfd9e13c681644f5d1f2269e3458aad
-
SHA512
89d6f9f18191e91f74d697bccd1a02885866834c95759bef8811e32fb675bfcb14db4ad47a9c704dc825ffec7e2a4d2e960b112d2bbb050bb3b3dfd3675f3e4f
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.ArtemisCCFFA416D71A.3757.1626.exe
Resource
win7v20210408
Malware Config
Extracted
njrat
0.7d
2021$$$
194.5.98.210:4040
0ef5de3f5b1fb89677ba03e41fa0a05a
-
reg_key
0ef5de3f5b1fb89677ba03e41fa0a05a
-
splitter
|'|'|
Targets
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-