General
Target: 5b9c94b55944d98483b6f79e0886baf344f579d4.xlam
Size: 17KB
Sample: 211103-qs2egsdhd7
MD5: f4ea7a9daa7defa4e9e3c54301f31973
SHA1: 5b9c94b55944d98483b6f79e0886baf344f579d4
SHA256: 5115b61255546bf812e84d215a21c0257897397669df2dab882bfb29161e698d
SHA512: 7f67ed6aa41a22cd8e3b3dedfb6df4fa6a1400a766c2f8b151584e245c896cffc5aa1d52f23e2725066b7526fb82c6df4f2cc0793c94d55892ccd1559ca5662d
Static task: static1
Behavioral task: behavioral1
Sample: 5b9c94b55944d98483b6f79e0886baf344f579d4.xlam
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 5b9c94b55944d98483b6f79e0886baf344f579d4.xlam
Resource: win10-en-20211014
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
stayup.sytes.net:1430
4aabbfc96630
reg_key: 4aabbfc96630
splitter: @!#&^%$
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Suspicious use of SetThreadContext