General
-
Target
03CFE21475FF1E4B334AD89DED81AE54.exe
-
Size
23KB
-
Sample
231217-wzbejagfh7
-
MD5
03cfe21475ff1e4b334ad89ded81ae54
-
SHA1
885cd1d6782f12eba1a8b02ba5e380b43d724ac8
-
SHA256
b6634d60c4f33e8ff40efbbbddd098cc420fe12822c633752260e3b0e6d11307
-
SHA512
28361958762f5951c405f664e6891eca9fe735b791702db93599fbf34b50885d95dd8938784423ec4ccb50648a4f8350106b51d8082d43e65fa5371bf3bd9f56
-
SSDEEP
384:IcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZLp:330py6vhxaRpcnuG
Behavioral task
behavioral1
Sample
03CFE21475FF1E4B334AD89DED81AE54.exe
Resource
win7-20231215-en
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:12537
e71381ce4c6ac23e031048fb1464e9da
-
reg_key
e71381ce4c6ac23e031048fb1464e9da
-
splitter
|'|'|
Targets
-
-
Target
03CFE21475FF1E4B334AD89DED81AE54.exe
-
Modifies Windows Firewall
-
Legitimate hosting services abused for malware hosting/C2
-