General
-
Target
4.ex
-
Size
23KB
-
Sample
210910-ps96ysaba9
-
MD5
5a5913f5e716b5e77308de165ec9cad2
-
SHA1
475542ce79804f08f5e46127228b48cf95d08786
-
SHA256
cb002303aebb1d369d369c47c96a27ee5d6597ed6cf7693ad633f573da25f4cd
-
SHA512
3e77b4cd2e7380ab3fbd61f432613c3ace3583e88d21deae14c409f20bd2fca84f2054e3cfd91ca75ecbf99829398d322425e978fa02d99c424a1d2057ae3ff5
Static task
static1
Behavioral task
behavioral1
Sample
4.ex.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4.ex.exe
Resource
win10-en
Malware Config
Extracted
njrat
0.7d
System Exporer
subscribedao3001.hopto.org:3001
ab812c7bd0447f8878bc9c41022ce9f9
-
reg_key
ab812c7bd0447f8878bc9c41022ce9f9
-
splitter
|'|'|
Targets
-
-
Target
4.ex
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-