General
Target: 1d1e55d56501a4c020359838798b5e9c.bin
Size: 25KB
Sample: 230721-bf7y6sbe36
MD5: 43cdb974d61e9217e95cb4f45e85c436
SHA1: d72d7a3bcf71838f82ecb24f6dd3595d54a72cd0
SHA256: 7502748f75535a8c6ff441827f84efdae82d01cf522d9ea786b78b7780004450
SHA512: 71ff5550adce13fe38fa99e4b41170748bde80eb8fee5a0ae7fb5ef32b35d4c0461cfd8eb5bbd42acd4b05d09627879071aba33c1127155eb2ec4d9c3bdabc43
SSDEEP: 768:1B1W4275d8dSkdMK3uN94hq5aCGiRRmA2MCnt5KAzfey:124qOSUh+Nyhq51cfBfey
Static task: static1
Behavioral task: behavioral1
Sample: 3c8ae458a96eb7500d2c065c8232645ba3961e981bfaa1e4cbaf6f5d5558ee64.exe
Resource: win7-20230712-en
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:17720
fbb489ebddedd970b62a6974bcec1446
reg_key: fbb489ebddedd970b62a6974bcec1446
splitter: |'|'|
Targets
Target: 3c8ae458a96eb7500d2c065c8232645ba3961e981bfaa1e4cbaf6f5d5558ee64.exe
Size: 208KB
MD5: 1d1e55d56501a4c020359838798b5e9c
SHA1: 049e20770fd71194141c2c0debdfafd317c56ca4
SHA256: 3c8ae458a96eb7500d2c065c8232645ba3961e981bfaa1e4cbaf6f5d5558ee64
SHA512: 054798f7f84677e07ecd1f19f4b387afbc24ad01bb3079b61eed182148a06e87595799816ee1931c15181097cbc769bbaa7d43c6dc04c669800272240d924d6e
SSDEEP: 384:3DVUq67iFRNItImlQN2l0hj4draNwzDHIOu3nrd7DjdYt8Gn5u5nh7uTht1XKvj4:3pUZ7iFfuITgHwNet8Q5Z6vmp+v2o
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2