General
-
Target
wscript.exe
-
Size
93KB
-
Sample
240423-a9bmdsae31
-
MD5
50af5e7d5d665f6e9cca447af7e8b1e5
-
SHA1
8cde307749103cf895cd8c2d87a8a73aa1017fa8
-
SHA256
c7cc2d0b72eba9ef36f0ec9ad721b8a9e0dbaacb9121ccbead85b9751eb6f45b
-
SHA512
abdcb709f2c1c7e951b9f4a61b0766db965376476043fba7c8f182740ece3e2be6ca2e7a66e09c1327274af2f507fb2cf3f5e39b2b80619f5aa33b8fb28117e2
-
SSDEEP
768:QY3CUfhWXxyFcxovUKUJuROprXtWNEpeYhYbmXxrjEtCdnl2pi1Rz4Rk3lsGdpc3:KU5WhIUKcuOJRpPhBjEwzGi1dD1DcgS
Behavioral task
behavioral1
Sample
wscript.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
wscript.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
wscript.ddns.net:5552
7cf4c2536f30115b1e3e9ebf8675233a
-
reg_key
7cf4c2536f30115b1e3e9ebf8675233a
-
splitter
|'|'|
Targets
-
-
Target
wscript.exe
-
Size
93KB
-
MD5
50af5e7d5d665f6e9cca447af7e8b1e5
-
SHA1
8cde307749103cf895cd8c2d87a8a73aa1017fa8
-
SHA256
c7cc2d0b72eba9ef36f0ec9ad721b8a9e0dbaacb9121ccbead85b9751eb6f45b
-
SHA512
abdcb709f2c1c7e951b9f4a61b0766db965376476043fba7c8f182740ece3e2be6ca2e7a66e09c1327274af2f507fb2cf3f5e39b2b80619f5aa33b8fb28117e2
-
SSDEEP
768:QY3CUfhWXxyFcxovUKUJuROprXtWNEpeYhYbmXxrjEtCdnl2pi1Rz4Rk3lsGdpc3:KU5WhIUKcuOJRpPhBjEwzGi1dD1DcgS
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Drops file in System32 directory
-