General
Target
6e0b69032f1c0c4fb88b567491628c27848f853f8b5f056ec033ac31f858fbc7
Size
608KB
Sample
220701-h41ckahedk
MD5
9cb2e4bbd5b87385d966fd1087166505
SHA1
18334afaa211687989c4bf4530493a5587cf71a8
SHA256
6e0b69032f1c0c4fb88b567491628c27848f853f8b5f056ec033ac31f858fbc7
SHA512
2c1a131b2227341dfea6fef9eea5b71dd1ac1978766e468a4e755bd86c99a4a4db8f43533829c54f1973eeeb353af0fb4f8677877db53c3bd97b307e2d1755c0
Static task
static1
Behavioral task
behavioral1
Sample
6e0b69032f1c0c4fb88b567491628c27848f853f8b5f056ec033ac31f858fbc7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6e0b69032f1c0c4fb88b567491628c27848f853f8b5f056ec033ac31f858fbc7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
XmasMoney
185.244.30.248:4040
65846043dcc7fda8dafdf43614eb84ef
reg_key
65846043dcc7fda8dafdf43614eb84ef
splitter
|'|'|
Targets
Target
6e0b69032f1c0c4fb88b567491628c27848f853f8b5f056ec033ac31f858fbc7
Score
10/10
Modifies Windows Firewall
Adds Run key to start application
Suspicious use of SetThreadContext