General
-
Target
YENİ FATURA ÖDEME.exe
-
Size
374KB
-
Sample
220930-mxtcwseccn
-
MD5
0d051bde23f731b95d3cdbc8d57becc8
-
SHA1
fd9b5a9229335b70e3760ec4105a848e5b53b0ba
-
SHA256
0ac3073365fd3895969d8a99d1b8574dc08a814065908251da23fe37375ec1c4
-
SHA512
fa2ba28574a3da1b4e984100cf9364bfe4bce44aba977898034ed6bd1f0f2ed41f7ac5ea2cb398b4d58b4840a1a30b67f268d134d45bf8063bf6e3e582298215
-
SSDEEP
6144:4B+pgU+ihA+E/vke3h5RwL5/OymSH9ZS4p/d8NG:4gGionkeTRwL5/vJTSC80
Static task
static1
Behavioral task
behavioral1
Sample
YENİ FATURA ÖDEME.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
v2.0
HacKed
45.155.165.74:7778
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
YENİ FATURA ÖDEME.exe
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-