General
Target: c0abec41705b4bdd837daf0df85f53ca.exe
Size: 103KB
Sample: 220318-rylfwsaed7
MD5: c0abec41705b4bdd837daf0df85f53ca
SHA1: 02c5f31aa6e280bdd7f2bfcf35fc863a735380e1
SHA256: 7cc4f1580d6f425b3025bdb83a4782bea363f6d8c1c7fa6374e159aa06327ca2
SHA512: 7a30725213b50f20dc683ea894ea12c23b97a141aab54881d42191209e0044f584e739c1454533148880347fbfd13c25b6a6a732663870516f885ef289ce08e8
Behavioral task: behavioral1
Sample: c0abec41705b4bdd837daf0df85f53ca.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: c0abec41705b4bdd837daf0df85f53ca.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
njrat
im523
main
45.84.227.157:5012
1f4e92fbfae203cc3d0fa75e24979e94
reg_key: 1f4e92fbfae203cc3d0fa75e24979e94
splitter: |'|'|
Targets
Score: 8/10
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.