Resubmissions
27-08-2023 15:40
230827-s3887aba84 1027-08-2023 15:39
230827-s35k1acg91 1027-08-2023 15:39
230827-s3w9macg9x 1027-08-2023 12:17
230827-pf6b8shd87 1027-08-2023 12:17
230827-pf3akshd86 1027-08-2023 12:16
230827-pfzvfshd85 1027-08-2023 12:16
230827-pfsfdabc8w 1027-08-2023 12:16
230827-pflylahd84 1027-08-2023 12:16
230827-pfgc4sbc8v 1027-08-2023 12:15
230827-pfc1pahd83 10General
-
Target
ExcenSC.exe
-
Size
93KB
-
Sample
230827-pfgc4sbc8v
-
MD5
caa7446c3e832a53be9336da30627217
-
SHA1
fd6476edb0eada6f521ff9f22b58ea9ae5e1e957
-
SHA256
35088ea25301db3dab3752a3ab02332083339080a3f8c8fd253b70607492aa26
-
SHA512
330724395111ff77e43b172f62a30f22c7305125924d1ca9ac0977ad622794075ae5f07fc494ebb01ce886597436332d35dac711a7f3d228b47fe111da92f3d7
-
SSDEEP
768:cY3yGL30YTXspgM0m2zGjpyDtdXWuxtXYLWhyXxrjEtCdnl2pi1Rz4Rk3ysGdpq3:eGD0AA0mT1mrWxL5jEwzGi1dDODqgS
Behavioral task
behavioral1
Sample
ExcenSC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
ExcenSC.exe
Resource
win10-20230703-en
Behavioral task
behavioral3
Sample
ExcenSC.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
njrat
0.7d
mamasita
hakim32.ddns.net:2000
ago-shopper.gl.at.ply.gg:33932
e9b5d9adb3bd2d12b3b209e6217534e3
-
reg_key
e9b5d9adb3bd2d12b3b209e6217534e3
-
splitter
|'|'|
Targets
-
-
Target
ExcenSC.exe
-
Size
93KB
-
MD5
caa7446c3e832a53be9336da30627217
-
SHA1
fd6476edb0eada6f521ff9f22b58ea9ae5e1e957
-
SHA256
35088ea25301db3dab3752a3ab02332083339080a3f8c8fd253b70607492aa26
-
SHA512
330724395111ff77e43b172f62a30f22c7305125924d1ca9ac0977ad622794075ae5f07fc494ebb01ce886597436332d35dac711a7f3d228b47fe111da92f3d7
-
SSDEEP
768:cY3yGL30YTXspgM0m2zGjpyDtdXWuxtXYLWhyXxrjEtCdnl2pi1Rz4Rk3ysGdpq3:eGD0AA0mT1mrWxL5jEwzGi1dDODqgS
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-