General
-
Target
11820b9031e1a4100acb4e0d3a7549c0.exe
-
Size
37KB
-
Sample
220812-bf3pfshba5
-
MD5
11820b9031e1a4100acb4e0d3a7549c0
-
SHA1
67b0d0fc95387f19439e4927723678ccb435e25a
-
SHA256
e7aae5f5dff1dfaace5aa89edd80cbc921a324ce8492de922f46178aa4432e36
-
SHA512
8b43954a0857870ec404a309cfa062a1a324af2ecc2529d810c7eaef888449f1462c2cc93fb738762b81e10835bdbe0f8ff33149c6cc96b521431be8ccef5e8d
Behavioral task
behavioral1
Sample
11820b9031e1a4100acb4e0d3a7549c0.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
11820b9031e1a4100acb4e0d3a7549c0.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:10505
a3742eaaf27c5324d5510354d9aa6cf3
-
reg_key
a3742eaaf27c5324d5510354d9aa6cf3
-
splitter
|'|'|
Targets
-
-
Target
11820b9031e1a4100acb4e0d3a7549c0.exe
-
Size
37KB
-
MD5
11820b9031e1a4100acb4e0d3a7549c0
-
SHA1
67b0d0fc95387f19439e4927723678ccb435e25a
-
SHA256
e7aae5f5dff1dfaace5aa89edd80cbc921a324ce8492de922f46178aa4432e36
-
SHA512
8b43954a0857870ec404a309cfa062a1a324af2ecc2529d810c7eaef888449f1462c2cc93fb738762b81e10835bdbe0f8ff33149c6cc96b521431be8ccef5e8d
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-