General
Target: 94866752deca8d905cd28d137e376b38ce4991bc7682926ee0969f799af64ce0
Size: 689KB
Sample: 220701-g3pzrsffbl
MD5: 3e32554b279f6bf4406937ca57aa3c53
SHA1: 6ec482d12218606a2294874adb425a541ce05273
SHA256: 94866752deca8d905cd28d137e376b38ce4991bc7682926ee0969f799af64ce0
SHA512: 3f467336ddbfa8c9d332e52d7f240a399352140cf71a3f452b1f817466b061b08c0015eef30a8e63edc8134c11d6efd46c4a5f636bfb443c45870968885b18c2
Static task: static1
Behavioral task: behavioral1
Sample: 94866752deca8d905cd28d137e376b38ce4991bc7682926ee0969f799af64ce0.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
XmasMoney
185.244.30.248:4040
65846043dcc7fda8dafdf43614eb84ef
reg_key: 65846043dcc7fda8dafdf43614eb84ef
splitter: |'|'|
Targets
Modifies Windows Firewall
Adds Run key to start application
Suspicious use of SetThreadContext