General
Target: 97bc8df2edcb87a49e9dedc6ae7952699276031344d3ed97f06a56273fdcd5b2
Size: 240KB
Sample: 221003-rbthzsabf8
MD5: 6a24d3a2c5eff925493a56cf4badfa40
SHA1: d0ac8ce3991435ff4d08eaf214166534c7fedc04
SHA256: 97bc8df2edcb87a49e9dedc6ae7952699276031344d3ed97f06a56273fdcd5b2
SHA512: fb6aa516f0f0f85c9f22f54ec0ab8c321bca299b0ee8acfa89267610accd83244d6e8f721f375644f3477d5f0be5bffbb2dc256038ef4b4c42a898dcc2f530d1
SSDEEP: 3072:bKXSOyTcwFIvP4/5PWCYzTwuq+O/20nfSyk:bUSOyT2C2Tcur
Static task: static1
Behavioral task: behavioral1
Sample: 97bc8df2edcb87a49e9dedc6ae7952699276031344d3ed97f06a56273fdcd5b2.exe
Resource: win7-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
rawaz.no-ip.biz:1177
e2938176ad4f8955a927d3a3225a361f
reg_key: e2938176ad4f8955a927d3a3225a361f
splitter: |'|'|
Targets
- Drops startup file
- Adds Run key to start application
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext