General
-
Target
4b296c56dac1277051eca84cabf8b6232efa522fd25a50fed95e840c098d324e
-
Size
1MB
-
Sample
210930-jypvbahahp
-
MD5
a2f35e38f6b100b91d0ddab680538d39
-
SHA1
1c81b383748ec30678d96c3aea78fbd08fbbb923
-
SHA256
4b296c56dac1277051eca84cabf8b6232efa522fd25a50fed95e840c098d324e
-
SHA512
84ed35e114e7391f543f5f1eedde59f7bfc05117d96c7ad299ba54828097bc4c5abc6488cd0eaae971a7c09792e510c66b52cff842be992f0bc1aaac1639f615
Static task
static1
Behavioral task
behavioral1
Sample
4b296c56dac1277051eca84cabf8b6232efa522fd25a50fed95e840c098d324e.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4b296c56dac1277051eca84cabf8b6232efa522fd25a50fed95e840c098d324e.exe
Resource
win10-en-20210920
Malware Config
Extracted
njrat
im523
HacKed
91.213.44.57:9
f227f14b70512c480fba70d41029f780
-
reg_key
f227f14b70512c480fba70d41029f780
-
splitter
|'|'|
Targets
Score 10/10
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
autoit_exe
AutoIT scripts compiled to PE executables.
-