General
-
Target
2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366
-
Size
220KB
-
Sample
210903-k6rvbachc8
-
MD5
036e2584148eb5111b7e78835dfb22b5
-
SHA1
a434806f0660f1526600b166291a114496a93f66
-
SHA256
2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366
-
SHA512
3fd80a96675000e558f05c04a9f60afc8409819d82ab3fb4022cc6e42c951c0b8f20fcd9ff1f75a99575117f538fdcad502424e34f9796d7c41de822bd01d5d8
Static task
static1
Behavioral task
behavioral1
Sample
2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366.exe
Resource
win10-en
Malware Config
Extracted
njrat
0.7d
hello
configpaid.hopto.org:1177
2918d83a8048748f66be3a548e28d02b
-
reg_key
2918d83a8048748f66be3a548e28d02b
-
splitter
|'|'|
Targets
-
-
Target
2032f4f31c54a376ba843d105bcc38e057ce52da9f2274d42c6391d308718366
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-