General
-
Target
03ecb1dced92a9d5d47e637372eff960.exe
-
Size
208KB
-
Sample
230729-z3fefaga3s
-
MD5
03ecb1dced92a9d5d47e637372eff960
-
SHA1
120d8dce954db8444a6343428fc600a80473a2f0
-
SHA256
0a49593c81bf56b744757aa895eef67e057a0ab303e80e0aa195de56dbe6bece
-
SHA512
991253a375de96476166a59dba6234022742301454039daf88f4eed089d72ef4875a5ca5245dbcf409acd3be9eb5ec10b7e932f4f2790d4ef2aaa25fd820fb21
-
SSDEEP
384:3DVUq67iFRNItImlQNQlk5aw5jn/BoKNQtCChhbAv4prY7DzbcXKgfU5Ppsdht1m:3pUZ7iFfuITlpVwhvpmQXKSz6vmp+6
Static task
static1
Behavioral task
behavioral1
Sample
03ecb1dced92a9d5d47e637372eff960.exe
Resource
win7-20230712-en
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:11529
1703ba9cf7c907ac1a273b4cbdb493ba
-
reg_key
1703ba9cf7c907ac1a273b4cbdb493ba
-
splitter
|'|'|
Targets
-
-
Target
03ecb1dced92a9d5d47e637372eff960.exe
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-