General
-
Target
akrien_1.5.8.rar
-
Size
31KB
-
Sample
240531-tj5mbsde3t
-
MD5
0616222604d7b733cbc9251fe6fcaac4
-
SHA1
3f3d16ec658f869d90b2126f51e0c6a5756d7c88
-
SHA256
01897bed0d01dbedd642a788244be6e178b5f049600aa6241572a2a19f7b4781
-
SHA512
f0dc202d9a32c4d75c3ad07ee41fc405f5267db7e056b2e535ece8b26d638ecfec16d201d8f3ef594f7dd26bcdcb9c3ab1e0013fdb631450c7d18af471ba6f44
-
SSDEEP
768:Zv7405+c6z9+20s6SdHRZI0Wu89XveC2a6RRy610UEnSlb2Y:h7eu23xktvWRvtaGX
Static task
static1
Behavioral task
behavioral1
Sample
akrien_1.5.8.rar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
akrien_1.5.8.rar
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7d
FBR
hakim32.ddns.net:2000
2.tcp.eu.ngrok.io:17169
943103c6c88219ab23c2a39b264fc150
-
reg_key
943103c6c88219ab23c2a39b264fc150
-
splitter
|'|'|
Targets
-
-
Target
akrien_1.5.8.rar
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.