General
Target: 59B45EF1DA7D5DD6D2CB29796794FAE90F67F13566DD1.exe
Size: 884KB
Sample: 210905-yd4kashge4
MD5: c865447ddf5a946a5663c824ec3a8f28
SHA1: dd713980b874a10f6eb1c8e4cf6343e2d28afa8f
SHA256: 59b45ef1da7d5dd6d2cb29796794fae90f67f13566dd15864fe4a65e42b9d7b7
SHA512: 5238aef22f795be8c1ab5afbae5e5f9f5a3e07880dada27ce353438c147fab09a4f1b51529b391d3dbdffa177120a90af97a1431b7b9b2dc4007a2edfcccc6fb
Static task: static1
Behavioral task: behavioral1
Sample: 59B45EF1DA7D5DD6D2CB29796794FAE90F67F13566DD1.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: 59B45EF1DA7D5DD6D2CB29796794FAE90F67F13566DD1.exe
Resource: win10v20210408
Malware Config
Extracted
njrat
0.7.3
SKYPE
browserskype.duckdns.org:2024
CNAODt.exe
reg_key: CNAODt.exe
splitter: zaq1
Targets
Target: 59B45EF1DA7D5DD6D2CB29796794FAE90F67F13566DD1.exe
Score: 10/10
Adds Run key to start application
Suspicious use of SetThreadContext