General
-
Target
c3daf76ae9091d522b94c3ce01b14b1472abf14cacb10123804b72bd7dbb99b3
-
Size
579KB
-
Sample
220701-dpy4qsbdh2
-
MD5
4c4bde75b118d7db7df062e12a71a601
-
SHA1
57446c07b6893592a2dcea4ffa4e80bb52fdfb53
-
SHA256
c3daf76ae9091d522b94c3ce01b14b1472abf14cacb10123804b72bd7dbb99b3
-
SHA512
f94d8f0dec04713a183d70860f6f90637fd0b14a14b78893df1ab99dcf70f582b1533a8569015800bebf855b09959693a332052dbe115706921f95aa12bf7bba
Static task
static1
Behavioral task
behavioral1
Sample
c3daf76ae9091d522b94c3ce01b14b1472abf14cacb10123804b72bd7dbb99b3.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
XmasMoney
185.244.30.248:4040
65846043dcc7fda8dafdf43614eb84ef
-
reg_key
65846043dcc7fda8dafdf43614eb84ef
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-