General
-
Target
8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
-
Size
738KB
-
Sample
221125-yvbwlsca25
-
MD5
1ee9c22dc830a95763067c33f8473e52
-
SHA1
70ab9235f7dffbcce9b2f9828412c9c44ab47a38
-
SHA256
8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
-
SHA512
409124e9ab2794437b809b872f3fc07b2520ac79568844b0e5f541281378ad1a4449727093e39e3582d65c0a13b093549beb63bceeeea0b889ee7f2b29817ca4
-
SSDEEP
12288:jLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QS1BVbbWQ:3fmMv6Ckr7Mny5QsFZ
Static task
static1
Behavioral task
behavioral1
Sample
8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18.exe
Resource
win7-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
suspended.duckdns.org:5552
ca324c664c8ab38c5267b9c2353adf44
-
reg_key
ca324c664c8ab38c5267b9c2353adf44
-
splitter
|'|'|
Targets
-
-
Target
8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-