General
-
Target
Quotation.pdf.exe
-
Size
229KB
-
Sample
230406-g4bhrsdf5t
-
MD5
b73b5d482e753f160b3d20f4773ae948
-
SHA1
7886189a0573de3a0558290b03935856bbfa1f29
-
SHA256
19e95f9db29b995c1b9087fa81469adff0dc88c6ca58fae1d8193c5c5712614c
-
SHA512
1b8aac45e90dbc34b03283cbd343327f22e480c9a649ff8fcc64b6741098bc5454c9b12d12c8bfbba0e73e96a3827aa6b66693b6ace6157b3c0c1e5ce4e92d25
-
SSDEEP
3072:I9t2iLK6JG6x3cf6bX2jQaLP6FehXBy0o51itud4DSqE9jeAZwFMjyiVC0gAm6:IPPlJG6xxbcz64Py0O12udoEUA5I
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.pdf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Quotation.pdf.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
109.206.243.59:4444
167d229cd9c981018cf48a214b56b50d
-
reg_key
167d229cd9c981018cf48a214b56b50d
-
splitter
|'|'|
Targets
-
-
Target
Quotation.pdf.exe
-
Score
10/10
-
Modifies Windows Firewall
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-