General
-
Target
09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
-
Size
110KB
-
Sample
221001-3wsmzacef6
-
MD5
e2244ad72eb4152a062e3eeb5ce1891d
-
SHA1
abfa32d92c0c32b380080f4ba15fbce5a72afb3e
-
SHA256
09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
-
SHA512
0fbd09fb6ce628c416e0252fcfba5e5323f8c2383dff38dc246ea0f1e8e419d0e2b39af150823455f384442259a2d519e05ad25673bc91a7b3979eb425066d5f
-
SSDEEP
1536:I08asokr96ISsdi9wMEkDN63QqMOzOIuxUNUnSqo/f2cDTNX3pc4gggYiURpB5Rf:1sFrHSsW6gnXcUnS9fhHh3pHjGH2KgB
Static task
static1
Behavioral task
behavioral1
Sample
09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
omarosama123456.ddns.net:1177
456cebe97b6e0b79767853fec7f09165
-
reg_key
456cebe97b6e0b79767853fec7f09165
-
splitter
|'|'|
Targets
-
-
Target
09a09aafb99588cd17b81a7c33fe66ca7813b4f9d68944b56ed05b3969f8e474
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-