General
Target: 143b5d2c002c8d0dd24097cf20f790d0.exe
Size: 93KB
Sample: 231209-hw34gsggd4
MD5: 143b5d2c002c8d0dd24097cf20f790d0
SHA1: c9eef9e55f8028e7c946f604ea1a19fb75c62544
SHA256: 6365bfab0c3f51ed16222655d8d4f8c9eecd113ed8840eaf094fc724da37421f
SHA512: 6b290328e3e54475d676f631ae0bb89421ab43ceb96135ad16274c5210337d9eb94d6385d3ebabee348500baf842794c399c5f105a16ea719b2b75eec6113819
SSDEEP: 1536:txwC+xhUa9urgOBPmNvM4jEwzGi1dD1DhgS:txmUa9urgOkdGi1d5e
Behavioral task: behavioral1
Sample: 143b5d2c002c8d0dd24097cf20f790d0.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 143b5d2c002c8d0dd24097cf20f790d0.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
0.tcp.eu.ngrok.io:15713
ade7ccccf9fb4b66977379c0a093a7be
reg_key: ade7ccccf9fb4b66977379c0a093a7be
splitter: |'|'|
Targets
Target: 143b5d2c002c8d0dd24097cf20f790d0.exe
Score: 8/10
Modifies Windows Firewall
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory