General
-
Target
3fbb433c5836c281166a1b513483d192.exe
-
Size
385KB
-
Sample
221125-r75wwshh7w
-
MD5
3fbb433c5836c281166a1b513483d192
-
SHA1
659ae1de8a8026ed1c39d606f3d71dcf02da50d9
-
SHA256
2b178a6e38b12767d5032d4f265e6f6e6491a4e6dd7932000da44daadb276dd6
-
SHA512
7dca1d409c10d88296c20d01694bbfc0c045bf2c648abe29459b8a4839621ee95a6e3a26824c97de2f40902083e2d98d13d9d682e2da8e60553568f30f031be4
-
SSDEEP
6144:IHPiCekjRG4Pt5H0PpTjzyHhJ1qL47mj3C:FCeyNT1qs7m
Behavioral task
behavioral1
Sample
3fbb433c5836c281166a1b513483d192.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3fbb433c5836c281166a1b513483d192.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
aimbot injetavel (macro)
donaldsvip1234.ddns.net:1177
f688b827a43e9e4ecb105692c7327b94
-
reg_key
f688b827a43e9e4ecb105692c7327b94
-
splitter
|'|'|
Targets
-
-
Target
3fbb433c5836c281166a1b513483d192.exe
-
Size
385KB
-
MD5
3fbb433c5836c281166a1b513483d192
-
SHA1
659ae1de8a8026ed1c39d606f3d71dcf02da50d9
-
SHA256
2b178a6e38b12767d5032d4f265e6f6e6491a4e6dd7932000da44daadb276dd6
-
SHA512
7dca1d409c10d88296c20d01694bbfc0c045bf2c648abe29459b8a4839621ee95a6e3a26824c97de2f40902083e2d98d13d9d682e2da8e60553568f30f031be4
-
SSDEEP
6144:IHPiCekjRG4Pt5H0PpTjzyHhJ1qL47mj3C:FCeyNT1qs7m
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-