General
-
Target
daca1b92fb75a349e2973f63eaefab71d19ba35a3d655f607402a538d31dace6
-
Size
37KB
-
Sample
220520-z59q3agfgj
-
MD5
db08b20b26289b912b5fb399f54b3b7e
-
SHA1
e73a0226846bbfdcb64a2507f2773317b1f26511
-
SHA256
daca1b92fb75a349e2973f63eaefab71d19ba35a3d655f607402a538d31dace6
-
SHA512
25c4e59559e2c1e48309174643bef2535fa040e683272a8be7c9a95accd7c36d5de6def8025e586866233b85e1bcbea570eaf4f3c778cb43c8ea0e9261a9265d
Behavioral task
behavioral1
Sample
daca1b92fb75a349e2973f63eaefab71d19ba35a3d655f607402a538d31dace6.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
daca1b92fb75a349e2973f63eaefab71d19ba35a3d655f607402a538d31dace6.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
vip009988.ddns.net:2222
9d90632f968d93564077cfcbab6372c6
-
reg_key
9d90632f968d93564077cfcbab6372c6
-
splitter
|'|'|
Targets
-
-
Target
daca1b92fb75a349e2973f63eaefab71d19ba35a3d655f607402a538d31dace6
-
Size
37KB
-
MD5
db08b20b26289b912b5fb399f54b3b7e
-
SHA1
e73a0226846bbfdcb64a2507f2773317b1f26511
-
SHA256
daca1b92fb75a349e2973f63eaefab71d19ba35a3d655f607402a538d31dace6
-
SHA512
25c4e59559e2c1e48309174643bef2535fa040e683272a8be7c9a95accd7c36d5de6def8025e586866233b85e1bcbea570eaf4f3c778cb43c8ea0e9261a9265d
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-