General
-
Target
Twitter Hacking Tool.exe
-
Size
5.4MB
-
Sample
211111-22txjsccf4
-
MD5
c17a1a08f40029c5134c7dfee8855c62
-
SHA1
aeddeda74af8d0645090be751a8f1a9a389a7fa9
-
SHA256
6d03ac7f036581531299dec4e1dd380bf19e17b88dcf43dcc5a6eae62ab87a6c
-
SHA512
b27076e68926b751c3496eb7fb029a0840ca9d630d1b27c6f329cbad789b0c89d2c5453ff519ef165d9cf99a0f2e57905fe08d290084f9d10559d58090bc57d3
Static task
static1
Behavioral task
behavioral1
Sample
Twitter Hacking Tool.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Twitter Hacking Tool.exe
Resource
win10-en-20211104
Malware Config
Extracted
njrat
0.6.4
white monkey
127.0.0.1:1177
56af94ecf1deb5aa0dab576ea890f3e9
-
reg_key
56af94ecf1deb5aa0dab576ea890f3e9
-
splitter
|'|'|
Targets
Score 10/10
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-