General
-
Target
0e3d9c223c5fb2dbc72c3f8b052f4339bbb67cb29499e570dd65e81c120476e3
-
Size
196KB
-
Sample
221128-wpq28sed26
-
MD5
09ac5a4b7adeaa368e03dd62472ede0e
-
SHA1
a875e1ad307e3b8ba6138ee7b7a88e3ceeb0abc9
-
SHA256
0e3d9c223c5fb2dbc72c3f8b052f4339bbb67cb29499e570dd65e81c120476e3
-
SHA512
ad53bf584f13d8029def52342670f474048d0e5c316c17f55d2c37a49fd9d7e4376c74965bed778eec2cf54f250e203800d040b277ab9801236f97cbc10b936d
-
SSDEEP
3072:xhdJbBJHxbV46T0XpppphJt5sEnEY4v6RC0yiQXTDn4sJW:XbBzh46T0XpppphJoT6Qzf4so
Static task
static1
Behavioral task
behavioral1
Sample
0e3d9c223c5fb2dbc72c3f8b052f4339bbb67cb29499e570dd65e81c120476e3.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.6.4
server
rachidhaythamdz.no-ip.biz:3000
7350b4ce4c5b9059b3abecb448b12322
-
reg_key
7350b4ce4c5b9059b3abecb448b12322
-
splitter
|'|'|
Targets
-
-
Target
0e3d9c223c5fb2dbc72c3f8b052f4339bbb67cb29499e570dd65e81c120476e3
-
Size
196KB
-
MD5
09ac5a4b7adeaa368e03dd62472ede0e
-
SHA1
a875e1ad307e3b8ba6138ee7b7a88e3ceeb0abc9
-
SHA256
0e3d9c223c5fb2dbc72c3f8b052f4339bbb67cb29499e570dd65e81c120476e3
-
SHA512
ad53bf584f13d8029def52342670f474048d0e5c316c17f55d2c37a49fd9d7e4376c74965bed778eec2cf54f250e203800d040b277ab9801236f97cbc10b936d
-
SSDEEP
3072:xhdJbBJHxbV46T0XpppphJt5sEnEY4v6RC0yiQXTDn4sJW:XbBzh46T0XpppphJoT6Qzf4so
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-