General
-
Target
243e61e9274fdd1d62c9c2cefc5d0c57.bin
-
Size
23KB
-
Sample
230731-blfrwaca56
-
MD5
243e61e9274fdd1d62c9c2cefc5d0c57
-
SHA1
8a915a682debbf969ed7917b5d26dd31e21786e8
-
SHA256
e162f5bb33843a8872968483555c053718bb9654c0641ccd393f4ddd08391e17
-
SHA512
813d2568d465822d90352651e91e91d1dcdfd2e5c47e4b851d9500ac819602f80602c8b4bfc149b741b684b833c908cf41dd91827e13f2cbb852c0b175c4605e
-
SSDEEP
384:MsqS+ER6vRKXGYKRWVSujUtX9w6Vglo61Z5DVmRvR6JZlbw8hqIusZzZU8:Tf65K2Yf1jMRpcnuO
Behavioral task
behavioral1
Sample
243e61e9274fdd1d62c9c2cefc5d0c57.exe
Resource
win7-20230712-en
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:11529
1703ba9cf7c907ac1a273b4cbdb493ba
-
reg_key
1703ba9cf7c907ac1a273b4cbdb493ba
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Legitimate hosting services abused for malware hosting/C2
-