General
-
Target
Server.exe
-
Size
93KB
-
Sample
240428-n5z13sfe5v
-
MD5
b7071a1008ce755ea1d9d49573bbd8af
-
SHA1
e9221352026922a6935de37d811af499cf7cec06
-
SHA256
6a17f0d20077d64698dffc77c44dc3a12b86b653375d3adb1f03ad274190a4d8
-
SHA512
fd861c92d33cf79d7ca73cbe0d05035048c6efb6f12c05f6b00f52e5a0c4089d672a2b8a5889252df42bbc090fda11540c7d10783af095f3da3938dba3d8d828
-
SSDEEP
1536:JgZC+xhUa9urgOBPRNvM4jEwzGi1dDfDGgS:JgJUa9urgObdGi1dPr
Behavioral task
behavioral1
Sample
Server.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Server.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
0.tcp.eu.ngrok.io:10266
c0edef3577d11ff8fc907a7e196a399a
-
reg_key
c0edef3577d11ff8fc907a7e196a399a
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Size
93KB
-
MD5
b7071a1008ce755ea1d9d49573bbd8af
-
SHA1
e9221352026922a6935de37d811af499cf7cec06
-
SHA256
6a17f0d20077d64698dffc77c44dc3a12b86b653375d3adb1f03ad274190a4d8
-
SHA512
fd861c92d33cf79d7ca73cbe0d05035048c6efb6f12c05f6b00f52e5a0c4089d672a2b8a5889252df42bbc090fda11540c7d10783af095f3da3938dba3d8d828
-
SSDEEP
1536:JgZC+xhUa9urgOBPRNvM4jEwzGi1dDfDGgS:JgJUa9urgObdGi1dPr
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-