General
Target: 327A3182D9600CE08CD59ECBE4B5CEE6E49736CB6B027.exe
Size: 277KB
Sample: 210911-n7txvabch6
MD5: 12fcd9494fe933014ef9e9d501f815a0
SHA1: 6a64df986e28df14268cce47100213d4c5b1ffef
SHA256: 327a3182d9600ce08cd59ecbe4b5cee6e49736cb6b02749fd57972007d6bea11
SHA512: b4d82b8931d5b91bcb9a6c0eac238109bd74cfb335ebcaad8753cc5c66859d76fe50731093d9594157a10cc316d59d32a39d5843beb7cd546bbdd0ec95931d4a
Static task: static1
Behavioral task: behavioral1
Sample: 327A3182D9600CE08CD59ECBE4B5CEE6E49736CB6B027.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: 327A3182D9600CE08CD59ECBE4B5CEE6E49736CB6B027.exe
Resource: win10-en
Malware Config
Extracted
njrat
0.7.3
PC-pc
master1520.duckdns.org:2084
Java.exe
reg_key: Java.exe
splitter: 1234
Targets
Score: 10/10
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Suspicious use of SetThreadContext