General
Target: Twitter Crack.exe
Size: 5.4MB
Sample: 211023-z2qtsacde8
MD5: 87e2016d2af2214bb8bd71b20adcecb4
SHA1: 95e0c972f66ae2c0a6ffd41bf4aaeb24e6e567b1
SHA256: 9703bf9f3b22e8a8cd3b2797a2da5a48d326c9dde57dbe4481b6cbc634b81f04
SHA512: b38ab45feaa97b689c11301e968c8b6087fa8513409fd0d517ff7d2d86ae9ca104e7d577c80cfb53fb87ddff684146326665385208674790220bcf5a19d6e81d
Static task: static1
Behavioral task: behavioral1
Sample: Twitter Crack.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Twitter Crack.exe
Resource: win10-en-20210920
Malware Config
Extracted
njrat
0.6.4
white monkey
127.0.0.1:1177
56af94ecf1deb5aa0dab576ea890f3e9
reg_key: 56af94ecf1deb5aa0dab576ea890f3e9
splitter: |'|'|
Targets
Target: Twitter Crack.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.