General
-
Target
5.exe
-
Size
37KB
-
Sample
220326-hn97tsebgj
-
MD5
e817d74d13c658890ff3a4c01ab44c62
-
SHA1
bf0b97392e7d56eee0b63dc65efff4db883cb0c7
-
SHA256
2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d
-
SHA512
8d90ef308c1e0b7e01e7732e2cd819f07bfc1ef06e523efa81694ced75550c9f1be460fc9de412faeb96273a6492580402ab9c9538ed441fc26d96b6785e7815
Behavioral task
behavioral1
Sample
5.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
5.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
njrat
im523
Bot
DanilWhiteNjrat-57320.portmap.host:57320
802f813d3810aa536753efbd3390b541
-
reg_key
802f813d3810aa536753efbd3390b541
-
splitter
|'|'|
Targets
-
-
Target
5.exe
-
Size
37KB
-
MD5
e817d74d13c658890ff3a4c01ab44c62
-
SHA1
bf0b97392e7d56eee0b63dc65efff4db883cb0c7
-
SHA256
2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d
-
SHA512
8d90ef308c1e0b7e01e7732e2cd819f07bfc1ef06e523efa81694ced75550c9f1be460fc9de412faeb96273a6492580402ab9c9538ed441fc26d96b6785e7815
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-