General
-
Target
a3ff56835b4bd0e80f6e95fbfc741a8e
-
Size
104KB
-
Sample
231227-fe17fseab7
-
MD5
a3ff56835b4bd0e80f6e95fbfc741a8e
-
SHA1
8af2b8e66107890df87a3c6ee9a5712228f95d8a
-
SHA256
ee9fd41093ef9d4e21a78ab987df6ad42a6fa5dcea7ebd9c5ff1e1f388720d8e
-
SHA512
1dbc80bccb87b4f1330a783fb4c2c7840cec6d9c280c261c8df2d8bdd4188ca1e779665f00cb35440660f70e95a06f178387aa113803ef0581dd2d658694107b
-
SSDEEP
1536:+eS3Yzxx6ZTD9Um9UoCONGAho+nuzGHRbVV3jEbgkxpPNOf5uze3S:+eS3Yzxx6R63ahJn9RStUYzeC
Static task
static1
Behavioral task
behavioral1
Sample
a3ff56835b4bd0e80f6e95fbfc741a8e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a3ff56835b4bd0e80f6e95fbfc741a8e.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
system
4.tcp.ngrok.io:14964
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
a3ff56835b4bd0e80f6e95fbfc741a8e
-
Score
10/10
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-