General
-
Target
PBHACK.exe
-
Size
1.3MB
-
Sample
210719-exrtrx9536
-
MD5
a5ed586c6aa4674092bb6bd521affddd
-
SHA1
cd0034fafdcab582fa4b12ff2c5bbdceeca62533
-
SHA256
c2bea2d868e82aacc04296992cd63a14383592c225b868eaf0609299557c55a2
-
SHA512
f1b54ed8f3031dd36c01bd16580f673f004c9f68c8749e5c20b12b2cf65e780140aeddbe2a2d20f6ca787759bf3563a3cbe2d37f02937dbc46ab2615932d8a24
Static task
static1
Behavioral task
behavioral1
Sample
PBHACK.exe
Resource
win7v20210410
Malware Config
Extracted
njrat
0.7d
PBHACK
zetsubranco.duckdns.org:1177
043f16f4cc1323e18d4d845c634e9302
-
reg_key
043f16f4cc1323e18d4d845c634e9302
-
splitter
|'|'|
Targets
-
-
Target
PBHACK.exe
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-