General
-
Target
dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
-
Size
37KB
-
Sample
240414-cp2desdc82
-
MD5
861dd8f883d6823db2a0f4f3cdcf78df
-
SHA1
3b5418016d9b935d19c1a985b92c5c338e5b4223
-
SHA256
dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
-
SHA512
214ac7292b2d81699c3cb71cb38a1bdfa5c2a4351531d7afef5712ddd067be003ae1ec193f44360661ec1976b3a1a411a7480d982601389b5078f45d0456abb7
-
SSDEEP
384:pi2KMizdVjnBhFbJ8ycPN/fnnwacprrAF+rMRTyN/0L+EcoinblneHQM3epzXiNL:Q2gVlLJfcPN/flcNrM+rMRa8Nukft
Behavioral task
behavioral1
Sample
dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
Bypassed
0.tcp.eu.ngrok.io:17231
f9c28378d0a3ca2121afafc0011b6028
-
reg_key
f9c28378d0a3ca2121afafc0011b6028
-
splitter
|'|'|
Targets
Target
dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
-
Score
8/10
-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-