General
Target: 83B1180E8794A4D719586D4F5FE237B37167EF93C186D.exe
Size: 355KB
Sample: 211127-wjkm9sfge4
MD5: 22f26e034985e150cdeb214492905fd4
SHA1: 08d5a4de12a85dce3aada80308274a87cc1a4195
SHA256: 83b1180e8794a4d719586d4f5fe237b37167ef93c186d3c0976a70d39541c72f
SHA512: 2a56fa454a0b90c0162b01be37d1441e80968babce7a065851efc4b1d8aeb76fdf6df1cae967032e925cc3516f44045d37f71acb29aeefc2e15b4c11db628007
Static task: static1
Behavioral task: behavioral1
Sample: 83B1180E8794A4D719586D4F5FE237B37167EF93C186D.exe
Resource: win7-en-20211104
Malware Config
Extracted
njrat
im523
1
4.tcp.ngrok.io:11271
4e889e7da72189e24bc725ec5f51224f
reg_key: 4e889e7da72189e24bc725ec5f51224f
splitter: |'|'|
Targets
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Stops running service(s)
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.