General
Target: ComprovanteXdeXpagamento.ppam
Size: 16KB
Sample: 220107-khlndscdgr
MD5: 24837cf811c93b906c06d3db85b85be7
SHA1: 472997f54ba0814a76e93657b16bb87d97aba2cf
SHA256: edba3ca498110106418658167533034aeb929276fe81de80c6de1a6bb95120e0
SHA512: 60eae17e267d406e9b01f8858482a9bfb47d0cf89aa56f2f533e659cbcdb9f55c1b9db2f87dab3c201b838764b5c17d9bc535ae9ed42dbd0464e59a3951cd9d7
Static task: static1
Behavioral task: behavioral1
Sample: ComprovanteXdeXpagamento.ppam
Resource: win7-en-20211208
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
fidapeste2.duckdns.org:5552
a918117a6dc84b8a
reg_key: a918117a6dc84b8a
splitter: @!#&^%$
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops startup file
Suspicious use of SetThreadContext