General
Target: 11cd53140b10586632b8647ef744826921d2e4277f6e38beb8b5b046ece9e18e
Size: 1.7MB
Sample: 220315-ymc4psdfhn
MD5: 7261afc8252acda5b54b5dab17397232
SHA1: e592a1ba2f4395b3b3f2e2b296073c4611138bdd
SHA256: 11cd53140b10586632b8647ef744826921d2e4277f6e38beb8b5b046ece9e18e
SHA512: 322fb0827bb8992edce73dac778e8f482c255808a0c219d4721cc9f648f161603f16ad1229347b75f0128c8c5a694cebd5183b87e394b02182bbd86d9c35ada0
Static task: static1
Behavioral task: behavioral1
Sample: 11cd53140b10586632b8647ef744826921d2e4277f6e38beb8b5b046ece9e18e.exe
Resource: win7-20220310-en
Malware Config
Extracted family: njrat
Version: 0.7d
Campaign/botnet ID: Zombie
C2: 114.200.138.100:1
81b6bee12897b0925d873d3282345257
reg_key: 81b6bee12897b0925d873d3282345257
splitter: |'|'|
Targets
Target: 11cd53140b10586632b8647ef744826921d2e4277f6e38beb8b5b046ece9e18e
Size: 1.7MB
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext