General
-
Target
f8ed697e63a97f53801c85a47b5350e3.exe
-
Size
646KB
-
Sample
210906-14l42sbee5
-
MD5
f8ed697e63a97f53801c85a47b5350e3
-
SHA1
a12f21b71c116d3b9669c94e454a532283a85c19
-
SHA256
f9ae91e6b312fadf8864035e4e737daf845cd41cd4b9e28e83fe9820277ea925
-
SHA512
2da4243cdb031f0269e9672ced790b017458928a1bc6a37a238f4596152f9e7aa08c5023c6bf5490b7386adb4f441559d42a0a7076da8f16c3672268d18585ba
Static task
static1
Behavioral task
behavioral1
Sample
f8ed697e63a97f53801c85a47b5350e3.exe
Resource
win7-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
pedrobedoya2021.duckdns.org:1980
cf13c225ff474d45b
-
reg_key
cf13c225ff474d45b
-
splitter
@!#&^%$
Targets
-
Target
f8ed697e63a97f53801c85a47b5350e3.exe
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-