General
-
Target
gtarpcheat.exe
-
Size
103KB
-
Sample
211221-y93ymseef6
-
MD5
c1baf97f7fb46569c697c3d719ad6cec
-
SHA1
82396f8670a064715b8c1bf6d54b84e3ccc90331
-
SHA256
9c722b7e216af094f3c8fc75011dac7b619ca0d83042ee7de350d08fccaf7feb
-
SHA512
17bdc72566b604b4794b4935022930001a344ebf485a996aaeaa9928a327edfb87a5c009bb400fae5720c43e92742d173677cfb3b33a5ae729c626031794e1eb
Behavioral task
behavioral1
Sample
gtarpcheat.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
gtarpcheat.exe
Resource
win10-en-20211208
Malware Config
Extracted
njrat
im523
GTA RP
microsoftsecurityessentials.duckdns.org:1177
2d2d20531cddc7f18203ecb28deee8a9
-
reg_key
2d2d20531cddc7f18203ecb28deee8a9
-
splitter
|'|'|
Targets
-
-
Target
gtarpcheat.exe
-
Size
103KB
-
MD5
c1baf97f7fb46569c697c3d719ad6cec
-
SHA1
82396f8670a064715b8c1bf6d54b84e3ccc90331
-
SHA256
9c722b7e216af094f3c8fc75011dac7b619ca0d83042ee7de350d08fccaf7feb
-
SHA512
17bdc72566b604b4794b4935022930001a344ebf485a996aaeaa9928a327edfb87a5c009bb400fae5720c43e92742d173677cfb3b33a5ae729c626031794e1eb
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-