General
-
Target
9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
-
Size
34KB
-
Sample
240419-wnrx5sbd78
-
MD5
686300db909689cb9eee92895f722f08
-
SHA1
1469ce0c609c266ab6bff8289d0d2c5f066fbf9a
-
SHA256
9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
-
SHA512
646943c438c9e2ebfe8817df6e46a09b2a30eabc9070a6a7980af4544c27a655550317d4537846ee1fceeace95ce6b214c2d9dbe54cd74641f074bdf9b5cc731
-
SSDEEP
768:Pgz4uJSQF6iCaqFcGiD74NEiAPWBNywoc9sHTLFs56BcPJpe:Po4uwk76EJPWHybcW/7Eo
Behavioral task
behavioral1
Sample
9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
bb
hakim32.ddns.net:2000
0.tcp.eu.ngrok.io:17888
c86be61709b6b7df256fc75cd3352159
-
reg_key
c86be61709b6b7df256fc75cd3352159
-
splitter
|'|'|
Targets
-
-
Target
9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7.exe
-
Size
93KB
-
MD5
a0ab6069a6cfd81cf79191fe474c3f33
-
SHA1
63fd372f99c19671300b1e10e1656ac829a63374
-
SHA256
9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7
-
SHA512
5731c5a0e5ae75eb03626cbd272dc60f5075ab9f14f16f23311729f822baf6c932e9f274a7754d63d8b601a4365cb365437b3f5cb403f299eae16fde7947fe02
-
SSDEEP
768:xY3oIU9jglPPMJI08+EyrERm9hX+Dl3A461mXxrjEtCdnl2pi1Rz4Rk3TsGdpSgM:mUZgdQ8+f4mXIA4tjEwzGi1dD/DSgS
Score8/10-
Modifies Windows Firewall
-
Legitimate hosting services abused for malware hosting/C2
-