General
Target: 03ecb1dced92a9d5d47e637372eff960.bin
Size: 25KB
Sample: 230731-bcpy7aca26
MD5: b46e4491e50eec891b26ffab11fa735f
SHA1: 2760526e665daa661d5be03a2e2b62cab144f2d0
SHA256: 5c857adcabe3f153c10b771fbf5fd671322e075c61af1f9fe5e9935e9bfa35d1
SHA512: 044d48d0bd81ed3e62e2365b5ca6902d775afb5581f76626e5e2ebc9f6c699f03f6c27276aad9283dc5dd3d867697b8875c6c87c79ca172f8dc8f08db4e38ea3
SSDEEP: 768:qQLwl66H5vlxXTjyakhw4r7mCw1TSD8Jr/65:pG6IlBjyap0XO/8
Static task: static1
Behavioral task: behavioral1
Sample: 0a49593c81bf56b744757aa895eef67e057a0ab303e80e0aa195de56dbe6bece.exe
Resource: win7-20230712-en
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:11529
1703ba9cf7c907ac1a273b4cbdb493ba
reg_key: 1703ba9cf7c907ac1a273b4cbdb493ba
splitter: |'|'|
Targets
Target: 0a49593c81bf56b744757aa895eef67e057a0ab303e80e0aa195de56dbe6bece.exe
Size: 208KB
MD5: 03ecb1dced92a9d5d47e637372eff960
SHA1: 120d8dce954db8444a6343428fc600a80473a2f0
SHA256: 0a49593c81bf56b744757aa895eef67e057a0ab303e80e0aa195de56dbe6bece
SHA512: 991253a375de96476166a59dba6234022742301454039daf88f4eed089d72ef4875a5ca5245dbcf409acd3be9eb5ec10b7e932f4f2790d4ef2aaa25fd820fb21
SSDEEP: 384:3DVUq67iFRNItImlQNQlk5aw5jn/BoKNQtCChhbAv4prY7DzbcXKgfU5Ppsdht1m:3pUZ7iFfuITlpVwhvpmQXKSz6vmp+6
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2