General
-
Target
1fb97ee37a2c5a979bc4dff4613f9fb2_JC.bin
-
Size
34KB
-
Sample
230901-xdgvvsgg3v
-
MD5
9cefaf68e6e473ead1a177f9632bcb23
-
SHA1
91ca795eaf0110fa055a140b082820057d39131a
-
SHA256
d148ea5e4ded7cc817182e92711e41e3840db9c1d8fa5656d5e235bb4a696d85
-
SHA512
5b20ebd872f82202374b15ce1094c55111e8dd4e64e39b2ae5d5881de66df6d917c29783aa64df75479ad6380465677a29cc9f306d110f86c9d89427f5f44c90
-
SSDEEP
768:D5S+6saBt5Ub7fFw9AEPRBLKnHPIgOXmncUys2Ojo:E+87ammE5BiPF7cAxjo
Behavioral task
behavioral1
Sample
c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
njrat
0.7d
Лошок
hakim32.ddns.net:2000
4.tcp.eu.ngrok.io:19914
af200c2dc24146f167c6cde4523f107f
-
reg_key
af200c2dc24146f167c6cde4523f107f
-
splitter
|'|'|
Targets
-
-
Target
c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8.exe
-
Size
93KB
-
MD5
1fb97ee37a2c5a979bc4dff4613f9fb2
-
SHA1
13679e8eb6e8995bfda6590f3dd04c6d99104b67
-
SHA256
c4edeb1befa9d2125c24938dfa1ac106d35f6992793a5ebc8c2b09ec38777ca8
-
SHA512
913f3b430ea169ae91079a65982b15b913c89ee9eb43eb15a09bb44f052e27597e598017b1c3cc47b2633e8ef9c9b5f056e447beb5b61f3453e2280c0c52a727
-
SSDEEP
1536:ghnR8lZc+/2HK1j+58dljEwzGi1dDUDPgS:ghnKc+/2HK1a8dSi1dyo
Score
8/10
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-