General
-
Target
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
-
Size
255KB
-
Sample
221004-b3gqhafhak
-
MD5
692cc299413a63e12db0be146ad906e0
-
SHA1
6f2c1dc4b26c21784f9ee4fb850abad30d4e0850
-
SHA256
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
-
SHA512
674c4c9502b91ed9d445e058c6ce69eb301ece610b99d73fbce9ba143fde2d862b3677ab378a319cbbdc8fb3000ae3996a0f64c329e4dbc3ed44e79504cfd505
-
SSDEEP
6144:bvAEij0W9CjZKtA547QBrdrpw6Eqt1pNJP:bvADjojU6WUdrqzKJP
Static task
static1
Behavioral task
behavioral1
Sample
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
yahoo
aseel123.ddns.net:5552
36553d30eb61b8600f25930b74bb73c4
-
reg_key
36553d30eb61b8600f25930b74bb73c4
-
splitter
|'|'|
Targets
Target
97af4157796dfb09c3bd51c4988c4bac1b0a6210256e266cc2f4236bccc9f5d9
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-