General
-
Target
Eoise RP.exe
-
Size
93KB
-
Sample
230404-tqmebsad31
-
MD5
b6e38af9995b9d57ae246e480e0800f3
-
SHA1
8d0d668624671678798ce0b25e2a4e33aa8ffd33
-
SHA256
f31d6da4b820dcd1d5da0f9d1df4dcc21710594a5f50279853f7ec45ff93b131
-
SHA512
70a7643629bab293d5f0c31e324119b6b258adfa869a7714a1791e38bbdb1f400af15024a134a80cc091dc87c42fc3f45b057767dcae3e1ecdcdc56bbb3b3b1d
-
SSDEEP
768:fY3sCnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3IsGn:5CxOx6baIa9RZj00ljEwzGi1dDADDgS
Behavioral task
behavioral1
Sample
Eoise RP.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
NS50Y3AuZXUubmdyb2suaW8Strik:MTA2NjY=
efedbcc0b2164e2205d6d0c5aa037fab
-
reg_key
efedbcc0b2164e2205d6d0c5aa037fab
-
splitter
|'|'|
Targets
-
-
Target
Eoise RP.exe
-
Score
8/10
-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-