General
-
Target
95e922bc96ec909a9eb80ae3716af0038ee3de24fc22b569c527764bf3be27a1.exe
-
Size
91KB
-
Sample
240913-nks22azakj
-
MD5
a458a33e5591c3fd7f7c8ae58d50ce55
-
SHA1
e9342f2bd7db767d12e0b5faa1f2918bdabafe77
-
SHA256
95e922bc96ec909a9eb80ae3716af0038ee3de24fc22b569c527764bf3be27a1
-
SHA512
4891d5e2cee561b87ff2399392168eaedc4df7fc312f0f00949dc97e9098bdb74e13f4a07ce42d660205c0afe55419ac1fbe6c328b343e267d626289b0e6e81e
-
SSDEEP
768:nGZefiM+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4ss:hfil0pUjBjZdL4kHG5mktQJVR1Fpiv
Malware Config
Extracted
njrat
hakim32.ddns.net:2000
Targets
-
-
Target
95e922bc96ec909a9eb80ae3716af0038ee3de24fc22b569c527764bf3be27a1.exe
-
Size
91KB
-
MD5
a458a33e5591c3fd7f7c8ae58d50ce55
-
SHA1
e9342f2bd7db767d12e0b5faa1f2918bdabafe77
-
SHA256
95e922bc96ec909a9eb80ae3716af0038ee3de24fc22b569c527764bf3be27a1
-
SHA512
4891d5e2cee561b87ff2399392168eaedc4df7fc312f0f00949dc97e9098bdb74e13f4a07ce42d660205c0afe55419ac1fbe6c328b343e267d626289b0e6e81e
-
SSDEEP
768:nGZefiM+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4ss:hfil0pUjBjZdL4kHG5mktQJVR1Fpiv
Score8/10-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-