General
Target: PH9jefkj.exe
Size: 37KB
Sample: 211212-xgyb1sdgdj
MD5: f6251732b4bf312672d9dde78134eaf2
SHA1: 858dee5a0ea51eb25495ce9db3fc7975be3c1aac
SHA256: a3ee9ac3edd5ece7b4c02143421f478e48f45ae733f14537ef8bd04e59250d1c
SHA512: 4e6e70151e982d281013848759722bdc3acd43c495713de4d309b3acd341b9e655e59873e98f8f203f7f3b0d44cb3d3945efd92247cbbfd293f17a42b7362675
Behavioral task: behavioral1
Sample: PH9jefkj.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: PH9jefkj.exe
Resource: win10-en-20211208
Malware Config
Extracted
njrat
im523
HacKed
127.0.0.1:99
aa4089dfc7bb54b7fb8176851e23da42
reg_key: aa4089dfc7bb54b7fb8176851e23da42
splitter: |'|'|
Targets
Target: PH9jefkj.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.