General
-
Target
Respalo.exe
-
Size
101KB
-
Sample
230602-kkanxaba4t
-
MD5
964c11b64832dfc0228228dc3041ad30
-
SHA1
44340a21dd37096807675f8ca68a111031480d01
-
SHA256
c015c0871db838b7225f72b293fdb88dbcea09aa258cfb5fe18e986072e9f793
-
SHA512
c0e843952d423335491f68169d67575a67952b5b7efeb98632f6d66453b1cae1440232f7c5fa8e7cf92cc8a9f5c8fa22ca522264968affff3aedb2997045fb9b
-
SSDEEP
1536:Q+CwHaUlNvEH6vBZkZcv9y5aD3BbOOzfso5fQT/inO3163BEDa:Q+voEBe35aD3BbOWso5fQDinQ63B+a
Static task
static1
Behavioral task
behavioral1
Sample
Respalo.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
respaldo2424.duckdns.org:9090
c959d74c7c9745cb
-
reg_key
c959d74c7c9745cb
-
splitter
@!#&^%$
Targets
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-