General
Target: cbb6191e4f764b4c676bbc409eb96bd2a6513159381d65a0991d00a88093ded5
Size: 16KB
Sample: 240419-vapeesae41
MD5: b90574cc1f18b9c3a6bae72f07d1e11f
SHA1: 346b4fec933be37322a32fec6f75104d26c689d1
SHA256: cbb6191e4f764b4c676bbc409eb96bd2a6513159381d65a0991d00a88093ded5
SHA512: 7c3bc83e7149237fb30d3174407df7f458ec2af544d6a77b808031e375b1e7a64fb4a69aed77b7ec60d8ad0c423b869dd9e495843cea7d05c9768ed2c658f707
SSDEEP: 384:B5xhrb9JWt7anF94tVg4uN0YKTbSPgMzKqip:zzrJkB294tVbuKYKqPgMzKtp
Behavioral task: behavioral1
Sample: 5647e8f07e026ae7c27dd2ca1273b0cb6738547668b35cdcb47e27c7049c2137.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 5647e8f07e026ae7c27dd2ca1273b0cb6738547668b35cdcb47e27c7049c2137.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:11544
afec9fcd48a46dedc429cd119e0e18b4
reg_key: afec9fcd48a46dedc429cd119e0e18b4
splitter: |'|'|
Targets
Target: 5647e8f07e026ae7c27dd2ca1273b0cb6738547668b35cdcb47e27c7049c2137.exe
Size: 37KB
MD5: b9aa83e4bb5dcf404a118a3499c180b4
SHA1: b6eb15c01e788b443c922e25306f9253a7007f7c
SHA256: 5647e8f07e026ae7c27dd2ca1273b0cb6738547668b35cdcb47e27c7049c2137
SHA512: 1b3c7c94ba6db0e7ddf3e3cbf0be336f06d9784adfd918e7bc59e29b4f98a33d87fce7df0b5841c0792c91b3e0d9fb261a7836be3856e8e16839052f44b5dd88
SSDEEP: 384:qGOQiluhHeTnMGiyMT3KPRxjnW+hrAF+rMRTyN/0L+EcoinblneHQM3epzXoNrnL:jpSMGxMT3KfzW6rM+rMRa8Nuift
Score: 8/10
Modifies Windows Firewall
Legitimate hosting services abused for malware hosting/C2