General
-
Target
554f40d4d4e6d80d96c5fc1b41afb7268a0b09b375adc3bcb1e10b1ff2eed986.exe
-
Size
158KB
-
Sample
240429-bmxrsadh69
-
MD5
3eb8c476c0abcd01fdb799de83503e12
-
SHA1
138aa012bb3b20a79aaf016af172a1b3106a7304
-
SHA256
554f40d4d4e6d80d96c5fc1b41afb7268a0b09b375adc3bcb1e10b1ff2eed986
-
SHA512
ed277e52d5348d1401a51f002e9f03bfada6481b2cab827f13fa39d54f5c42d4e4ac6627ced47f98fbc22010b044fb0d09b55c6133fc2746e9e78234975c2f85
-
SSDEEP
3072:tf/J2ULiTehI8FrkZTFieSzoSUYSziUP0ZMJG:32UL2i9FKFHd4SziUP0
Behavioral task
behavioral1
Sample
554f40d4d4e6d80d96c5fc1b41afb7268a0b09b375adc3bcb1e10b1ff2eed986.exe
Resource
win7-20240220-en
Malware Config
Extracted
njrat
0.7d
MyBot
asero23.ddns.net:5552
863290bfb622fdfe0ad4e1b97536ae62
863290bfb622fdfe0ad4e1b97536ae62
-
reg_key
863290bfb622fdfe0ad4e1b97536ae62
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
554f40d4d4e6d80d96c5fc1b41afb7268a0b09b375adc3bcb1e10b1ff2eed986.exe
-
Size
158KB
-
MD5
3eb8c476c0abcd01fdb799de83503e12
-
SHA1
138aa012bb3b20a79aaf016af172a1b3106a7304
-
SHA256
554f40d4d4e6d80d96c5fc1b41afb7268a0b09b375adc3bcb1e10b1ff2eed986
-
SHA512
ed277e52d5348d1401a51f002e9f03bfada6481b2cab827f13fa39d54f5c42d4e4ac6627ced47f98fbc22010b044fb0d09b55c6133fc2746e9e78234975c2f85
-
SSDEEP
3072:tf/J2ULiTehI8FrkZTFieSzoSUYSziUP0ZMJG:32UL2i9FKFHd4SziUP0
-
UPX dump on OEP (original entry point)
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-