General
-
Target
af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
-
Size
34KB
-
Sample
240419-v1mzaaaf37
-
MD5
67d7c2625c89f6217f7d588c04dca69d
-
SHA1
c0ca3427565d686cc7d06ef577815dd4bf037eaa
-
SHA256
af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
-
SHA512
7ae568bd0350b6fd3e0ec3b6440c3bd4b9f6a45a3fe9160cb5a1c9e0d041c9caf8bb44accc0b69786127936f6380e0fd848f4c2759f1563abd46c038a20c4bfc
-
SSDEEP
768:XO34EqdUffHhALQU4ug9ZRg0IeP0hVO92tSfJ:XOIEAUffH2B4T9gZo92to
Behavioral task
behavioral1
Sample
5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
0.tcp.eu.ngrok.io:18595
919094467c31347c7137dd444837fdc3
-
reg_key
919094467c31347c7137dd444837fdc3
-
splitter
|'|'|
Targets
-
-
Target
5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e.exe
-
Size
93KB
-
MD5
627d146f44e901aa1bcd48effb3b788f
-
SHA1
8964f3c422dc04d0e71c7fe8439df4da708eeb3b
-
SHA256
5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e
-
SHA512
91c3cb47d136166b11fd64c5efad4ce063197ea42de19dc74c9b557e82ec7b8f15b9dace70891259abd27d0775b8efccf089f34f44586350d383268568ae12c5
-
SSDEEP
768:lY31Um/o9eUVTsZ4E+rLDPQmJ/ewL54lLdJXn5513Sr2YxgXxrjEtCdnl2pi1RzC:yUeoZp/eM4LvFSrdqjEwzGi1dDcD/gS
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-