General
- Target: Client.exe
- Size: 31KB
- Sample: 221207-zfevdsga65
- MD5: cce84a59d2b090a31e57d0a72ad74fa2
- SHA1: a9a44dc4626a68e40a5b5fb7a7d0f7fad309e06c
- SHA256: 74dda7038473283d4574897cf07ce1cad1ea4d47cbf24cb1d17bf29f1cd4df74
- SHA512: c291bae5dea8a60b32aba72ca9839c717478b10439237ab0edc3230f4dbee1cd2d296c9d984bd865454304f47f3f37e3f11560d010a76ba9f2feecf4cb1222c9
- SSDEEP: 768:GDirDp8pdvXyzx9uFwna/5nW3TvanQmIDUu0tiLfj:Fw68nQbkQVkej
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- Botnet: Test
- C2: 87.1.10.253:6522
- Mutex: 9057ef5c5e88ed748f4a1200ec63197e
- Attributes:
  - reg_key: 9057ef5c5e88ed748f4a1200ec63197e
  - splitter: Y262SUCZ4UJJ
Targets
- Target: Client.exe
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext