General
Target: S123erver.exe
Size: 106KB
Sample: 211021-rs6vmsadg4
MD5: 9a8bfcdfb43451e84f36db37a5dbeb69
SHA1: 631c947853ecd90f85d1ceab0d4929b6f1a567b0
SHA256: ab911ff317e64605f78af4e8f6f637a8e4a014fb426edb858aab588e105e5fad
SHA512: e156cfcbe62af0687118e62eefac1afbf86c8a956c423af55fdfc325aec30b11a0280a8231375610c6990d19b1cb79a557968f93c020ebb4c684592070ec7c92
Malware Config
Extracted
njrat
0.7d
HacKed
ODIuFRANSESCOjAyLjE2Ny4yFRANSESCODUStrik:MTIzNjE=
224a447697bf2b49e78d4ad88e1bc033
reg_key: 224a447697bf2b49e78d4ad88e1bc033
splitter: |'|'|
Targets
Target: S123erver.exe
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Loads dropped DLL
Drops file in System32 directory