General

  • Target

    Comprovante.ppam

  • Size

    13KB

  • Sample

    211220-kmkxnaaac4

  • MD5

    c02f40191ce31084bdc4706fefd23f45

  • SHA1

    5acfdc101f5e04971401f4c753d50e32b9b65e1c

  • SHA256

    d91955e4a8afca7dd4322b979227a28d58193d871e437334ee77a5a8756bd48c

  • SHA512

    2e9230f073fcd72b27560c6abc302a3d88eb411454b15d515aa669f06beafeb293a410e2cd65197e7cfe3d8db8eae2486f7ce8ee4adede61c91dd29342c128bd

Score
10/10

Targets

    • Target

      Comprovante.ppam

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Drops startup file

    • Suspicious use of SetThreadContext
