General
-
Target
6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9
-
Size
273KB
-
Sample
221130-psa2vsdg2y
-
MD5
943dfdf0cb1cd51076480b836bd70601
-
SHA1
38f473ac03dd3c9c1ff2b2230bc0e191f4d53050
-
SHA256
6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9
-
SHA512
928cafbbd79f4419e5e543c55aa1d3dc4fcb58cb5242f10ada2de1a926ff558719e84e3b1aab0e42ed73bd7bfb587869f33f7f8ba72ec3b3ce572d5f5010e8b1
-
SSDEEP
6144:at3aCHQiRgkktkhvgyFvatu6REsyzBaM577vWJeN1rj4:+qCwkgkktkhI8yY6Ral7/k
Static task
static1
Behavioral task
behavioral1
Sample
6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
byuac
queda2122.ddns.net:90
ff62a63ef9ea27a176ace35d8efdbe51
-
reg_key
ff62a63ef9ea27a176ace35d8efdbe51
-
splitter
|'|'|
Targets
Target
6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-