General
-
Target
9b3a482edc6ae1fe84702f0c697cee06.exe
-
Size
37KB
-
Sample
211225-ld9ebshfh5
-
MD5
9b3a482edc6ae1fe84702f0c697cee06
-
SHA1
96626b3a6b6b5705777f7cbbb3840e9f1a0503f6
-
SHA256
3f9bb1c9753bd62335fec0e396d8f0948225069c29f0f91da9a42384db9dff55
-
SHA512
2eeb8ad663954fa43648b0f3d411bb6dbf7179ac9a42970f1cd8bc4ff4a7c97160669839fa3796e3ce700793d465acf0877b0ae4bc9efad2bc5ec90f4e9f883d
Behavioral task
behavioral1
Sample
9b3a482edc6ae1fe84702f0c697cee06.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
9b3a482edc6ae1fe84702f0c697cee06.exe
Resource
win10-en-20211208
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.ngrok.io:16955
aa742da771073f99b2c491a0bc473697
-
reg_key
aa742da771073f99b2c491a0bc473697
-
splitter
|'|'|
Targets
Target
9b3a482edc6ae1fe84702f0c697cee06.exe
Score
8/10
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.