General
Target
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.zip
Size
36KB
Sample
211006-e4cdysaed7
MD5
284327b4940230cc1101d484d7a477e0
SHA1
442c2fd820adf1980929da5572117c1211b3ec7f
SHA256
2e0037526dc99997dd3e17d63d7c5e408511f9e571f2281588564d6857ac8e36
SHA512
f0198cc245844069d9fe4264ef02f7728c4995b7aaa07d3b6b46d25b06ecc94c3ed84d9aecf8c66b42f96c6533ed078b62ccbd8182cd1cdc917a790f9c009531
Behavioral task
behavioral1
Sample
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.exe
Resource
win10-en-20210920
Malware Config
Extracted
njrat
0.7.3
Zombie
0.tcp.eu.ngrok.io:14618
svchost.exe
reg_key
svchost.exe
splitter
123
Targets
Target
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3
Size
78KB
MD5
495ac365075583f4cbd9487cb6c1935c
SHA1
9341e99733e753a7f5c2a716c35a7dc131d271d0
SHA256
216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3
SHA512
b9e4c72fd53b5e257d701f123fcc6771013b897aa65bbc6f24b1754e9cd9488cde99eb33b54c40b23c76a4bdb669e388b28829b473b00ff0a44940497c46fbe7
Score 10/10
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application