General
-
Target
Discord Nitro Generator.exe
-
Size
5.4MB
-
Sample
211107-gek1xahee4
-
MD5
036cf4e0867b7da5d61cca264d383aa7
-
SHA1
0924c45b9b1eba4060fb67d809813042cde0cd06
-
SHA256
03b9378b4ab9711d69a10151b1a82a88018d2f910a9111243f1abadfb6a8f7c5
-
SHA512
e71415ab39f4237a30c3bb83a23aa5474b1d0e1fe424dfe9447d758481e6c1fdc1891a90ab957e47bd6ac9ce8a5c608bc7d518f84a711fef259fcc12b3e27bab
Static task
static1
Behavioral task
behavioral1
Sample
Discord Nitro Generator.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Discord Nitro Generator.exe
Resource
win10-en-20211104
Malware Config
Extracted
njrat
0.6.4
white monkey
127.0.0.1:1177
56af94ecf1deb5aa0dab576ea890f3e9
-
reg_key
56af94ecf1deb5aa0dab576ea890f3e9
-
splitter
|'|'|
Targets
Target
Discord Nitro Generator.exe
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-