General
-
Target
f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712
-
Size
156KB
-
Sample
221128-w1yapabd21
-
MD5
8a82e2eeadc35797cce2693829faea6b
-
SHA1
b72f2c193760316e460d72fa810733a071eb4a9b
-
SHA256
f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712
-
SHA512
a1324c7e38d34a1791f1928fcf04a7d68adcf0034a5f8587ea97ddf97a902f110f310824d7c01f8729c365824ed4abbe5bc37a0edc52f2e7fea1d9080965157b
-
SSDEEP
3072:Wfsz/rx2+/PMBIqzdNdcxbBhlv3hXqBGsb0lEhaJiq1jtQAiZrmN:EsXxl/PMB9iTPxqIsbbhQ1yAr
Static task
static1
Behavioral task
behavioral1
Sample
f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
eddd
mike.blogsyte.com:9003
d26a615b5b8cb345ade630f3f28a2b75
-
reg_key
d26a615b5b8cb345ade630f3f28a2b75
-
splitter
|'|'|
Targets
Target
f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712
-
Score
10/10
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Suspicious use of SetThreadContext
-