General
-
Target
ba4ad55b9b84dfc2484cd3558bb4a0b40bb4bfc7c712204e1a0512b8f05d781b
-
Size
111KB
-
Sample
221125-z1hf1sfc64
-
MD5
f7645c8ccdb09cfae8f70d5a8f84c078
-
SHA1
6be336396334983b4b3d22de6fb02688475d8023
-
SHA256
ba4ad55b9b84dfc2484cd3558bb4a0b40bb4bfc7c712204e1a0512b8f05d781b
-
SHA512
d6588df16b488aef63e3abfdc46b16b66c1c949f6a62b68865510b682a035612e700a0653026f3e7b835f8a2cc58e58f153ef5a4ee021beead63db8b3d9ca1a0
-
SSDEEP
3072:tiBtzo/hK6UeoiXLQemnmpMOKlSbnnfW5:GWhKjWXMemmOOKlWf
Static task
static1
Behavioral task
behavioral1
Sample
ba4ad55b9b84dfc2484cd3558bb4a0b40bb4bfc7c712204e1a0512b8f05d781b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ba4ad55b9b84dfc2484cd3558bb4a0b40bb4bfc7c712204e1a0512b8f05d781b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HacK
voip19.ddns.net:5552
01d5da98c29544bb9318cf6408732310
-
reg_key
01d5da98c29544bb9318cf6408732310
-
splitter
|'|'|
Targets
-
-
Target
ba4ad55b9b84dfc2484cd3558bb4a0b40bb4bfc7c712204e1a0512b8f05d781b
-
Size
111KB
-
MD5
f7645c8ccdb09cfae8f70d5a8f84c078
-
SHA1
6be336396334983b4b3d22de6fb02688475d8023
-
SHA256
ba4ad55b9b84dfc2484cd3558bb4a0b40bb4bfc7c712204e1a0512b8f05d781b
-
SHA512
d6588df16b488aef63e3abfdc46b16b66c1c949f6a62b68865510b682a035612e700a0653026f3e7b835f8a2cc58e58f153ef5a4ee021beead63db8b3d9ca1a0
-
SSDEEP
3072:tiBtzo/hK6UeoiXLQemnmpMOKlSbnnfW5:GWhKjWXMemmOOKlWf
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-