General
-
Target
Server.exe
-
Size
37KB
-
Sample
240425-fjnf6afh3z
-
MD5
2c48f31ed16473dc1d4d3de0471fb038
-
SHA1
af93ea242ba05d585aea52d99eecc4be8966ae8e
-
SHA256
31e7b37f5680b46ee4fab18f186469ae475ea76aecd7820d20d56e4d5db58a04
-
SHA512
35dee546949f9cb0025f24796463294e2d62d8e55ad8db41eeb91e2601893ea7423044d5eed067f1c824eb0100bcde3c838c587ebc886d44bb1b09104598830e
-
SSDEEP
384:hGNTgiG1CVZfursvO6yszop0n/eT3wSArAF+rMRTyN/0L+EcoinblneHQM3epzXv:ENh5Wpszop0mzw/rM+rMRa8Nuict
Malware Config
Extracted
njrat
im523
HacKed
aboft7e.ddns.net:8080
821d279469408d6fe1b46c282ee1cc19
-
reg_key
821d279469408d6fe1b46c282ee1cc19
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Size
37KB
-
MD5
2c48f31ed16473dc1d4d3de0471fb038
-
SHA1
af93ea242ba05d585aea52d99eecc4be8966ae8e
-
SHA256
31e7b37f5680b46ee4fab18f186469ae475ea76aecd7820d20d56e4d5db58a04
-
SHA512
35dee546949f9cb0025f24796463294e2d62d8e55ad8db41eeb91e2601893ea7423044d5eed067f1c824eb0100bcde3c838c587ebc886d44bb1b09104598830e
-
SSDEEP
384:hGNTgiG1CVZfursvO6yszop0n/eT3wSArAF+rMRTyN/0L+EcoinblneHQM3epzXv:ENh5Wpszop0mzw/rM+rMRa8Nuict
-
Modifies Windows Firewall
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-