General
-
Target
a1bd9e989614f6d8024d4fb930246d6b6bb5611b148476414efcf01d30f79fc8
-
Size
83KB
-
Sample
210907-gxpf2scab6
-
MD5
7c6290951c89aac232a806d70f72e573
-
SHA1
0cd2416d39e7e11a7066d12adff69ccd9411b98d
-
SHA256
a1bd9e989614f6d8024d4fb930246d6b6bb5611b148476414efcf01d30f79fc8
-
SHA512
9ab95ef8909a0f4324b8756e86492a6fb9318d724b610c477405113b435315d11c8ee18c7a82481a912fa29b73f339f8da149a8ca3419450d0b8b837bcad90fe
Static task
static1
Behavioral task
behavioral1
Sample
a1bd9e989614f6d8024d4fb930246d6b6bb5611b148476414efcf01d30f79fc8.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
a1bd9e989614f6d8024d4fb930246d6b6bb5611b148476414efcf01d30f79fc8.exe
Resource
win10-en
Malware Config
Extracted
njrat
0.7d
.......CELCOM
anunankis1.duckdns.org:1177
04404d18b002688e39bb45a634c1a35a
-
reg_key
04404d18b002688e39bb45a634c1a35a
-
splitter
|'|'|
Targets
-
-
Target
a1bd9e989614f6d8024d4fb930246d6b6bb5611b148476414efcf01d30f79fc8
-
Size
83KB
-
MD5
7c6290951c89aac232a806d70f72e573
-
SHA1
0cd2416d39e7e11a7066d12adff69ccd9411b98d
-
SHA256
a1bd9e989614f6d8024d4fb930246d6b6bb5611b148476414efcf01d30f79fc8
-
SHA512
9ab95ef8909a0f4324b8756e86492a6fb9318d724b610c477405113b435315d11c8ee18c7a82481a912fa29b73f339f8da149a8ca3419450d0b8b837bcad90fe
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-