General
Target
NO - IP.exe
Size
37KB
Sample
211018-rfmw1aefeq
MD5
6dac828a152d6eeb75ee6d92dcf3bd39
SHA1
839c8970c6e3bc6dc010a175c2b4523f18ebafc3
SHA256
c0e3ff2c207a1dafd241067bed9a69eb50edd1a891f6137294af478f7cbc1dfa
SHA512
bb27641b02967ecb581f2b5b24c2a2e3aac4d33e599f3e450b2c743cf1e0d1359ef57e30b841caa39be147cbaf3b84d8e25fcf30f87c69aa3875cddca669de64
Behavioral task
behavioral1
Sample
NO - IP.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
NO - IP.exe
Resource
win10-en-20210920
Malware Config
Extracted
njrat
im523
h2cked
nevermind874.ddns.net:4444
e563c110376e576e62167dae02b6c9c7
reg_key
e563c110376e576e62167dae02b6c9c7
splitter
|'|'|
Targets
Target
NO - IP.exe
Score
10/10
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application