General
-
Target
f32fb1af5db650065e6e1d02ade5506e6c0903e4bbc9ff6ff2fbf94bef6ffba4
-
Size
346KB
-
Sample
210930-qfnmvshgd8
-
MD5
776211eed31b6a8ea3539ac1d822362c
-
SHA1
b18225f3217536c802d43d9e4a0ac8ac22a90109
-
SHA256
f32fb1af5db650065e6e1d02ade5506e6c0903e4bbc9ff6ff2fbf94bef6ffba4
-
SHA512
c067fd43414e3ccb87cef9b707125634be0ba5f0f6aa6e13a63de791ff2cb4a1b0ebb63fd174a5940f4e6aab0c1e349977da6e2eda633bd64ec1502a38f3d3f4
Behavioral task
behavioral1
Sample
f32fb1af5db650065e6e1d02ade5506e6c0903e4bbc9ff6ff2fbf94bef6ffba4.exe
Resource
win7-en-20210920
Malware Config
Extracted
njrat
0.6.4
HacKed
windownssystem.ddns.net:1010
301b5fcf8ce2fab8868e80b6c1f912fe
-
reg_key
301b5fcf8ce2fab8868e80b6c1f912fe
-
splitter
|'|'|
Targets
-
Detect XtremeRAT Payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-