General
-
Target
Setup.exe
-
Size
93KB
-
Sample
240621-nma91a1gqp
-
MD5
1c70d97bb9a9a08845affc675e99e8f4
-
SHA1
91171b4d3dc000bc840f207008707966ee08f965
-
SHA256
b001b441531e443c2c693971ca9f26837d0492c161634d29ba29dda5d5871960
-
SHA512
b8db5aa7f8d93c10ba4d34ec9ab2093589772a344aa37d4676e5d8369949052504a52dd568e9af6de17706554c5c1d1c01537f9d853603d77759680a8c6c5d91
-
SSDEEP
1536:yOpnEoSnsqS5ut9YLR8SjEwzGi1dDjD5gS:yOVSnsqS5uTYL+7i1dj2
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win10-20240611-en
Malware Config
Extracted
njrat
0.7d
DLVIL
hakim32.ddns.net:2000
remember-sail.gl.at.ply.gg:33823
cc8d5a61a0143f7be473e15ca7d2ba14
-
reg_key
cc8d5a61a0143f7be473e15ca7d2ba14
-
splitter
|'|'|
Targets
-
Target
Setup.exe
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-