General
Target: Server.exe
Size: 93KB
Sample: 231202-xbsvcaeh65
MD5: 06b07ccea764969e99b0078f16b602d8
SHA1: 4d046fdee155d8a4004b9dbb8b57d19ab4fe1080
SHA256: 09231be6b350e58a5bf3eecad7d265827d1196f08a957a9d4e54f0740e775062
SHA512: fb7dc5ad85045ab55fa2291be9dbcba2d576ef4b0f412352d6cc07ad1591cb07de1fcee7d1349fa9690c57b6f89cea44025b71501174b5c68da67935664167d6
SSDEEP: 768:9Y3repD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk36sGo:geLOx6baIa9RPj00ljEwzGi1dDWDCgS
Behavioral task: behavioral1
Sample: Server.exe
Resource: win10v2004-20231201-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
6.tcp.eu.ngrok.io:13003
39e457ed33ca4b59270cb29bb81aad59
reg_key: 39e457ed33ca4b59270cb29bb81aad59
splitter: |'|'|
Targets
Target: Server.exe
Score: 8/10
Modifies Windows Firewall
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory