General
-
Target
baa39b6dd7f993583c3c877f33972906.exe
-
Size
37KB
-
Sample
230606-3yzt3agb49
-
MD5
baa39b6dd7f993583c3c877f33972906
-
SHA1
39608e3f124aaf0ae73b94ed1b79bfb4959c5370
-
SHA256
7527323a12bb2682047a438f8eb0b1ea4049e0733202fe0597e48dc00c1f23a4
-
SHA512
c27f55455eab3507b399a7fe15662485c780a43dd259f44f4faf0e2db804cc4f8b0dc25f5c34ba5ee050ddac528f6d1a0385a67f34c80449d0a1d0cceabca3f1
-
SSDEEP
384:4KwCT0i9rdTe/kCOyU7jcnZ8DfmTdrAF+rMRTyN/0L+EcoinblneHQM3epzXKNrY:R1J1CFU7jcC7m5rM+rMRa8NuYWt
Behavioral task
behavioral1
Sample
baa39b6dd7f993583c3c877f33972906.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
baa39b6dd7f993583c3c877f33972906.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.eu.ngrok.io:19554
a3e3a48b4a1c3f8d4bc114e02152973f
-
reg_key
a3e3a48b4a1c3f8d4bc114e02152973f
-
splitter
|'|'|
Targets
-
-
Target
baa39b6dd7f993583c3c877f33972906.exe
-
Size
37KB
-
MD5
baa39b6dd7f993583c3c877f33972906
-
SHA1
39608e3f124aaf0ae73b94ed1b79bfb4959c5370
-
SHA256
7527323a12bb2682047a438f8eb0b1ea4049e0733202fe0597e48dc00c1f23a4
-
SHA512
c27f55455eab3507b399a7fe15662485c780a43dd259f44f4faf0e2db804cc4f8b0dc25f5c34ba5ee050ddac528f6d1a0385a67f34c80449d0a1d0cceabca3f1
-
SSDEEP
384:4KwCT0i9rdTe/kCOyU7jcnZ8DfmTdrAF+rMRTyN/0L+EcoinblneHQM3epzXKNrY:R1J1CFU7jcC7m5rM+rMRa8NuYWt
Score8/10-
Modifies Windows Firewall
-
Legitimate hosting services abused for malware hosting/C2
-