General
Target: 0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
Size: 7KB
Sample: 210913-v2byeaebf6
MD5: 0152ba660d23a2bb6edda5078fc936fa
SHA1: 253c14c6dd3e5aaa224b2cb6bfc9a53012896776
SHA256: 0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
SHA512: 8c2dbe5d3dce477f24d80b2221bc3ebd48bdc923bb599758e116ef4db05f91c392e484e0f46e072809108d11fc7433481f01b3f7d7a0e184114daad8ee5ab666
Static task: static1
Behavioral task: behavioral1
Sample: 0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522.exe
Resource: win7-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/835468911642279977/886054903166947418/Dragon.jpg
Extracted
njrat
v2.0
HacKed
d3dx-botnet.portmap.host:7276
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
Target: 0992c903425c04bb257f9dc5ae24f2f9315671b711ede082e5705bff5ddf6522
Blocklisted process makes network request
-
Drops startup file
-
Suspicious use of SetThreadContext
-