General
Target: Windows Security Health Service.bin.zip
Size: 298KB
Sample: 210925-3xj28aeaf7
MD5: c875240e28332c2051dd6e5be257af53
SHA1: e6ef1da4c5889282702e3e745a828ab5c170968c
SHA256: cedfea0974aceb19d6c47fcd22c2082b57813bc8615cb5f5b505f19703ea6173
SHA512: f0602e7d88e7df2b5925bbeca3ddf33e44276aff28496c926e84594b31bc462415af3c5e0fdd394952443a01416e37259a45bafb0770c3fa42498a0768d765e8
Static task: static1
Behavioral task: behavioral1
Sample: Windows Security Health Service.bin.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Windows Security Health Service.bin.exe
Resource: win10v20210408
Malware Config
Extracted
njrat
v4.0
HacKed
blackhacked.ddns.net:5555
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: Windows Security Health Service.bin
Size: 595KB
MD5: ba38fee6928359b14d6ab46fd1c6a2e2
SHA1: d0ffbbdb618a86af97c9a37f8d506cff3b91e377
SHA256: 1cc94a68355afc41f13a6c6136b0d0d212f33a92e1f53a51075f05d49f541310
SHA512: c1b9650c75a777455e4b8e21e5b01fbf7457928ab4545f5fc74d589da3c27d4ebf7c334c2d9bb5334c401cbf1a8fb68569eded934613799ba018b2261caf3a74
Score: 10/10
Executes dropped EXE
Drops startup file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Suspicious use of SetThreadContext