General
-
Target
8B54AC281EA90D359B212B1CE7FFD0B4AC5CAB9EE2F93.exe
-
Size
395KB
-
Sample
211008-c1ad3sdaf3
-
MD5
72a2512b36128f94127a7206df3a5032
-
SHA1
6a3873d420dad9f5f20ce7f8493efc3c2cfe5a18
-
SHA256
8b54ac281ea90d359b212b1ce7ffd0b4ac5cab9ee2f93bd9ca393b992556e80a
-
SHA512
2122b37537c94960ba2154e8c15acd2b3983cf53314e8368b02ee87956e8d98287163f64917a844be30dae8a7c0936604b4ec94df0fc81192d270865ac640166
Static task
static1
Behavioral task
behavioral1
Sample
8B54AC281EA90D359B212B1CE7FFD0B4AC5CAB9EE2F93.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
8B54AC281EA90D359B212B1CE7FFD0B4AC5CAB9EE2F93.exe
Resource
win10v20210408
Malware Config
Extracted
njrat
0.7d
Lammer
6.tcp.ngrok.io:16860
142514b06c5331e576c2b748ba1ec681
-
reg_key
142514b06c5331e576c2b748ba1ec681
-
splitter
|'|'|
Targets
-
Target
8B54AC281EA90D359B212B1CE7FFD0B4AC5CAB9EE2F93.exe
Score
10/10
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-