General
Target: 7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
Size: 343KB
Sample: 210908-k43h2aebg9
MD5: a4ef9b97bb27e933d21acf408213660e
SHA1: 468f1788f892ee364922d4ad89b4015f1cf36a5b
SHA256: 7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
SHA512: db842526085b08d44e2325117defdc37624d9ecfa99f56a38a7ff87af795d8d934d63b46d25d432ae82f5d32fb50cc27be87b5e38a739db06a437bc81b070643
Static task: static1
Behavioral task: behavioral1
Sample: 7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407.exe
Resource: win7-en
Malware Config
Extracted
njrat
0.7d
SAZANXD
20.94.209.182:8080
5674c09c7f0c4298faa91f68465c425a
reg_key: 5674c09c7f0c4298faa91f68465c425a
splitter: |'|'|
Targets
Target: 7c84531c6299e423eacc06007a52e9a0ce6b334f3e18fc53cf6d1aca1f6b1407
Uses the VBS compiler for execution
Suspicious use of SetThreadContext