General
Target: 0afee0e91bf19efe819afbfc750dc29208543610fb9a7dd4471158455777a967
Size: 184KB
Sample: 220121-2smf4scbap
MD5: 05d37e0bbd880a1b39418a8328148e73
SHA1: f9b1db221bc531abbf22124307f443460ce5eec9
SHA256: 0afee0e91bf19efe819afbfc750dc29208543610fb9a7dd4471158455777a967
SHA512: 2e6971fa81232555dec7ce4fde4e06181f3f5ed9ae863ff5860dd23bd0a17185a1ae176ed282c752ff57b1ee0826baeb5ee75222d893fe78feeaf5b3666a7c58
Static task: static1
Behavioral task: behavioral1
Sample: 0afee0e91bf19efe819afbfc750dc29208543610fb9a7dd4471158455777a967.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 0afee0e91bf19efe819afbfc750dc29208543610fb9a7dd4471158455777a967.exe
Resource: win10-en-20211208
Malware Config
Extracted
njrat
0.7.3
TULUA VALLE
tuluavalle3.duckdns.org:1990
Client.exe
reg_key: Client.exe
splitter: 1990
Targets
Target: 0afee0e91bf19efe819afbfc750dc29208543610fb9a7dd4471158455777a967
Score: 10/10
Adds Run key to start application
Suspicious use of SetThreadContext