General
-
Target
99219aa34910a8c28a6bfc96a6a58247fb1aa6c0cd0abd4af5445aa0ba359525.exe
-
Size
37KB
-
Sample
230609-ev281sbf7s
-
MD5
b17414d6949c2e013de14fdc268cfc89
-
SHA1
21f52aadfe9691ed8d28415ec0f31c8507cc6e32
-
SHA256
99219aa34910a8c28a6bfc96a6a58247fb1aa6c0cd0abd4af5445aa0ba359525
-
SHA512
812806987016518ae7270e5ef2ca9e580684943a9fde797756f4c7c7221144fb8bb2aab8e1eed8c879d2fa9b2da5c95382d96a65e395b9527bbf3e2fdd8f0e59
-
SSDEEP
768:5YdqHpR9EfZnuCCFMXsrM+rMRa8NugUOt:isHpRyBnA6X/+gRJNHU
Behavioral task
behavioral1
Sample
99219aa34910a8c28a6bfc96a6a58247fb1aa6c0cd0abd4af5445aa0ba359525.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
im523
Discord
176.37.53.55:7777
4e9eb192f2892f9e22c0f13eb935b2a7
-
reg_key
4e9eb192f2892f9e22c0f13eb935b2a7
-
splitter
|'|'|
Targets
-
Target
99219aa34910a8c28a6bfc96a6a58247fb1aa6c0cd0abd4af5445aa0ba359525.exe
Score
10/10
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-