General
-
Target
Bazaar.2020.02.7z
-
Size
6.3MB
-
Sample
240915-1tbwbsthne
-
MD5
a2fc1e0d85da197a26203e22bdd1b5a2
-
SHA1
4c2f2158f440347a0f722cd81eb806e28481b868
-
SHA256
7559e6ca8b77400f88bf4e67208a1c32570a670068eccae9e3d226cc5471bd47
-
SHA512
6781742683061f15e74d6a62b16102dde83cafe1aa6f349e1ecec305dd3a72ea043709a19ec435a749e506efb4d93e82ea5ee620bfe60024a5782550eb7f8745
-
SSDEEP
196608:d98omomtNNy/aJF3Jf7KQrNIdaBtlCJNfx2944bl465o:d98omvMKZmQagtU0N465o
Static task
static1
Behavioral task
behavioral1
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.exe
Resource
win7-20240903-en
Malware Config
Extracted
njrat
0.7d
Low3n
192.168.100.58:443
192.168.42.7:443
e4c7f2e5b82fac0d624ab661f39b28fa
-
reg_key
e4c7f2e5b82fac0d624ab661f39b28fa
-
splitter
|'|'|
Extracted
njrat
0.7d
HacKed
aeeb7a2903c8c537463f288bcc5eed2e
-
reg_key
aeeb7a2903c8c537463f288bcc5eed2e
-
splitter
|'|'|
Extracted
asyncrat
0.5.6A
null
ertretythhrrthttrhth
-
delay
5
-
install
false
-
install_folder
%AppData%
Extracted
darkcomet
hacked
sexystar.myq-see.com:5552
DC_MUTEX-6BSXQXU
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
1JlJEAuNqqm6
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Extracted
darkcomet
Mikel_04
ventoclima.hopto.org:8678
DC_MUTEX-J9C4X34
-
InstallPath
Temp\Taskmgrk.exe
-
gencode
mn82vWE9luVq
-
install
true
-
offline_keylogger
true
-
password
Mikel2019
-
persistence
true
-
reg_key
taskmgrk
Extracted
darkcomet
Mikel50
ventoclima.hopto.org:58589
DC_MUTEX-1M2MJNL
-
InstallPath
temp\taskmgrk.exe
-
gencode
n7v7WtYPsejG
-
install
true
-
offline_keylogger
true
-
password
Mikel2019
-
persistence
false
-
reg_key
taskmgrk
Extracted
njrat
Hallaj PRO Rat [Fixed]
HacKed
127.0.0.1:5552
984559f52d4087243e95e5ad9bb48e8d
-
reg_key
984559f52d4087243e95e5ad9bb48e8d
-
splitter
boolLove
Extracted
asyncrat
0.5.5A
null
192.168.1.9:8080
jsdmhpiwkzhk
-
delay
5
-
install
false
-
install_folder
%AppData%
Extracted
quasar
1.4.0.0
Infected
noinmy.ddns.net:9999
BW7JOTpOU1me7DhAhz
-
encryption_key
cuGnTFdzZchzOboCjJyu
-
install_name
dashost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WinServe
-
subdirectory
DAF
Extracted
revengerat
Guest
RV_MUTEX
Extracted
revengerat
LimeRevenge
3f4-8b13-1cf6666e4149
Extracted
njrat
0.7d
B HAT
cd1f49ff557041b28396a032e2b161ee
-
reg_key
cd1f49ff557041b28396a032e2b161ee
-
splitter
|'|'|
Extracted
njrat
0.7d
NYAN CAT
127.0.0.1:5552
64dfa84fd6a14d54bb5da02b3d38a087
-
reg_key
64dfa84fd6a14d54bb5da02b3d38a087
-
splitter
|'|'|
Extracted
njrat
0.7NC
NYAN CAT
13f63b20924948f
-
reg_key
13f63b20924948f
-
splitter
@!#&^%$
Extracted
njrat
0.7d
Test Bypass cho down load
127.0.0.1:1234
165d6ed988ac
-
reg_key
165d6ed988ac
-
splitter
|'|'|
Extracted
quasar
1.3.0.0
VN333
billythesailor.ddns.net:4782
billythesailor.ddns.net:4707
billythesailor.ddns.net:4708
QSR_MUTEX_EZD0hpIqeXmWmfSZR5
-
encryption_key
6dtdGsEtLLsDNKEXgV4zSrTRpfxT2qGQ
-
install_name
Windows Startup Service.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows Startup Service
-
subdirectory
SubDir
Extracted
limerat
bc1quugyyqeyjw9z2qdetazwpp6jfpdqnscxj3jxgq
-
aes_key
123
-
antivm
false
-
c2_url
https://pastebin.com/raw/zVbipP9N
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
remcos
Host
127.0.0.1:2404
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
remcos_vruzvedwdwvizfq
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Extracted
njrat
Visual Studio
d72f69dfb2e45fb7b2acbc62f8219a16
-
reg_key
d72f69dfb2e45fb7b2acbc62f8219a16
Extracted
njrat
0.6.4
HacKed
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Extracted
njrat
0.7d
MyBot
127.0.0.1:8080
1.243.157.185:6522
9e549438c56317b24cd87c987b694da8
-
reg_key
9e549438c56317b24cd87c987b694da8
-
splitter
Y262SUCZ4UJJ
Extracted
njrat
0.6.4
YourPhone
157.245.220.192:1177
bec01544ef6b0bb361f68d796213ad70
-
reg_key
bec01544ef6b0bb361f68d796213ad70
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKeD
85:85
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
YourPhone
be7a6446994c64053a860ca10a12ce1e
-
reg_key
be7a6446994c64053a860ca10a12ce1e
Extracted
njrat
0.7d
required installation
uxnr.ddns.net:7144
a2d1b1b05cb0b58cf6e21aefb30df1db
-
reg_key
a2d1b1b05cb0b58cf6e21aefb30df1db
-
splitter
|'|'|
Extracted
njrat
Person_Anonymous
b48bd383056441b474989fb5582a172b
-
reg_key
b48bd383056441b474989fb5582a172b
Extracted
njrat
Hacked By HiDDen PerSOn
687a11c6212507fa992aa1644b336ef5
-
reg_key
687a11c6212507fa992aa1644b336ef5
Extracted
njrat
im523
HacKed By KiLLeR
killerfo2.ddns.net:1177
killerfo22.ddns.net:1177
61e53fca4b50eaee89f696351aed3589
-
reg_key
61e53fca4b50eaee89f696351aed3589
-
splitter
|'|'|
Extracted
njrat
im523
HacKed
127.0.0.1:5552
yano.ddns.net:1605
84.217.125.142:80
127.0.0.1:35855
hostnj.ddns.net:1177
7d6d30a897de0ce8a1f25f71e40d0c4d
-
reg_key
7d6d30a897de0ce8a1f25f71e40d0c4d
-
splitter
|'|'|
Extracted
njrat
0.7d
client
akamaru.ddns.net:1605
netcatclink.ddns.net:4444
aa15bd929c7132fe8f63fd4d0ae48d6c
-
reg_key
aa15bd929c7132fe8f63fd4d0ae48d6c
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
192.168.234.154:5555
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
0.7d
Test
10.10.10.25:2525
2cf8612501da0a1a00fe5c300206e7a5
-
reg_key
2cf8612501da0a1a00fe5c300206e7a5
-
splitter
|'|'|
Extracted
njrat
im523
bustabit
wogusnn.ddns.net:5553
d963ad78fcad26750b040b7fff9e4835
-
reg_key
d963ad78fcad26750b040b7fff9e4835
-
splitter
|'|'|
Extracted
njrat
im523
HacKed PUBG
cantburn.hopto.org:1177
7b5444a8f8ca9a359aadb891c7e9f01b
-
reg_key
7b5444a8f8ca9a359aadb891c7e9f01b
-
splitter
|'|'|
Extracted
njrat
0.7d
HHHXXX
black101.ddns.net:1177
c7c947d665980e197b736d98adf01cc0
-
reg_key
c7c947d665980e197b736d98adf01cc0
-
splitter
|'|'|
Extracted
njrat
Kjh
마인크래프트
14.46.160.76:5552
06d63ada0dc02c6a44ed3c3fc5c89d83
-
reg_key
06d63ada0dc02c6a44ed3c3fc5c89d83
-
splitter
|'|'|
Extracted
njrat
0.7d
HacKed
x014.hopto.org:4444
192.168.1.16:4444
Windows Update
-
reg_key
Windows Update
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
Kulum
34.89.221.19:4444
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
0.7d
45.76.29.16:5552
738e6a0cd25e647b7eb7d6cdad689401
-
reg_key
738e6a0cd25e647b7eb7d6cdad689401
-
splitter
|'|'|
Extracted
njrat
0.7d
Pubg Mobile
Owais5050-61656.portmap.io:56607
6cd2713f4eecf0bba2b136a5ea65aac1
-
reg_key
6cd2713f4eecf0bba2b136a5ea65aac1
-
splitter
|'|'|
Extracted
njrat
0.7d
pinatanai
159.65.15.187:5555
ca60c420c99495343bf4e523a6b382cc
-
reg_key
ca60c420c99495343bf4e523a6b382cc
-
splitter
|'|'|
Extracted
njrat
0.7d
deme
192.168.1.34:4444
4a511581dfdc310e4c48feb89e0695f4
-
reg_key
4a511581dfdc310e4c48feb89e0695f4
-
splitter
Y262SUCZ4UJJ
Extracted
njrat
Kjh
HacKed
180.230.116.72:5552
8e3709de950aab92ac1a166058ff0595
-
reg_key
8e3709de950aab92ac1a166058ff0595
-
splitter
|'|'|
Extracted
njrat
0.6.4
Person
127.0.0.1:456
dae31c02cb06222e776b9ccb9207edb1
-
reg_key
dae31c02cb06222e776b9ccb9207edb1
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
gariban
rothilione-41041.portmap.io:41041
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
2020/
cad6ec042b06ac31e129fbc8d13eabe6
-
reg_key
cad6ec042b06ac31e129fbc8d13eabe6
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
34234234
146.158.107.225:8408
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
SAD NIGGA HOURS
06ba6a3d895af3b2b6823852ec271c67
-
reg_key
06ba6a3d895af3b2b6823852ec271c67
Extracted
njrat
0.7.3
Lime
195.222.172.238:5228
svchost.exe
-
reg_key
svchost.exe
-
splitter
njrat
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
topher
tolga182-49359.portmap.host:1604
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
Hacked
19398dcbfdab92aeb0734478a2451d20
-
reg_key
19398dcbfdab92aeb0734478a2451d20
Extracted
njrat
roby
4bda69d82f2ad26800386604df9bc3de
-
reg_key
4bda69d82f2ad26800386604df9bc3de
Extracted
njrat
0.7d
victime
tutoratderz.ddns.net:5552
tutoratderz.ddns.net:1605
61f6d5680d79146f1177cacbfc3022ce
-
reg_key
61f6d5680d79146f1177cacbfc3022ce
-
splitter
|'|'|
Extracted
revengerat
NyanCatRevenge
2cc2152a0871
Extracted
revengerat
R A D
KevinDavis-58161.portmap.host:58161
192.168.1.112:4444
kevindavis-58161.portmap.host:58161
RV_MUTEX
Extracted
revengerat
system
yj233.e1.luyouxia.net:20645
RV_MUTEX-GeVqDyMpzZJHO
Extracted
revengerat
YT
yukselofficial.duckdns.org:5552
RV_MUTEX-WlgZblRvZwfRtNH
Extracted
quasar
1.3.0.0
Office04
QSR_MUTEX_QSMxTkfFj770mwaMaj
-
encryption_key
zunmXxOhff9hBVcOIy8a
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
windows
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
Kurban
gameranil88-34655.portmap.io:34655
QSR_MUTEX_Mq8fSFRilMUG89GjSc
-
encryption_key
wE4B3JaW3vEUIIrvszcF
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
1
-
startup_key
WindowsUptade
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
Force One
umcarasozinho.giize.com:5552
QSR_MUTEX_rXuzhrms6m5Gx0d0lk
-
encryption_key
2yzv2TDIqCeGLodEWuqz
-
install_name
systemhelper.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
systemhelper
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
New
ipaf3.sytes.net:5353
ipaf4.sytes.net:5353
QSR_MUTEX_IRT4UgcGhk975OVXdn
-
encryption_key
AWkTsOYsl9wIkH8LUfG4
-
install_name
Driver.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Drivers
-
subdirectory
Drivers
Extracted
quasar
1.3.0.0
CoDer
skypeprocesshost.ddns.com.br:4782
workwinrarhost.ddns.com.br:4782
office.minhaempresa.tv:4782
authy.winconnection.net:4782
QSR_MUTEX_waaDBjBTwvE4jQF1CY
-
encryption_key
syxdBvDrFCjAln3AxGRZ
-
install_name
0ffice.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
msg
-
subdirectory
Office
Extracted
quasar
1.3.0.0
Ps
45.74.53.124:4782
s5v8y/B?E(H+MbQeThWmZq3t6w9z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgV
-
encryption_key
sEybIz3EK3xXIpG2z1h2
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
0
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
Force One PC MASTER
apenasumcarasozinho.hopto.org:5552
QSR_MUTEX_HqC3bVY0FTFbgxQirr
-
encryption_key
5RhS5uBxvlwTtS4KFhfw
-
install_name
systemHelper.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
systemhelper
-
subdirectory
SubDir
Extracted
nanocore
1.2.2.0
8c89a093-5ac7-424e-8c76-2e80c157bade
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-10-14T14:42:04.641145036Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1543
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
8c89a093-5ac7-424e-8c76-2e80c157bade
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
uniformmm.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Extracted
njrat
0.7d
Downloading
console-wifi.ddns.net:5552
3dfad3bbc7bad1562c683adfee1a8e48
-
reg_key
3dfad3bbc7bad1562c683adfee1a8e48
-
splitter
|'|'|
Extracted
njrat
0.7d
RECUP NOIP
9292.ddns.net:10140
1f0c56d11a4a44433acf4728c597fd66
-
reg_key
1f0c56d11a4a44433acf4728c597fd66
-
splitter
|'|'|
Extracted
njrat
0.7d
내따꽈리
asdgdcvxzcv.kro.kr:2222
651deda00b27ab86d974483926aa2300
-
reg_key
651deda00b27ab86d974483926aa2300
-
splitter
|'|'|
Extracted
njrat
0.7d
NEW
sharrych.ddns.net:5556
723520b640cb39476dbbd3d566c664da
-
reg_key
723520b640cb39476dbbd3d566c664da
-
splitter
|'|'|
Extracted
njrat
0.6.4
clienta
achraf4.ddns.net:4500
59d56b3983b444c86e2da951d0302f3b
-
reg_key
59d56b3983b444c86e2da951d0302f3b
-
splitter
|'|'|
Extracted
warzonerat
tresor2020.ddns.net:2020
178.238.8.111:2626
Extracted
cybergate
v1.07.5
remote
127.0.0.1:999
127.0.0.1:81
0Y7117LDCV0730
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
Targets
-
-
Target
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096
-
Size
16KB
-
MD5
fc8f4e31d85e796c1efe9b0fabeed23a
-
SHA1
e15233a69c32761d8ad0e293ce1ed2e1162d5647
-
SHA256
c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096
-
SHA512
36e40d94711c82fb1669e3143d63833a3f7ad1b0ea8dae00287cbcdfd154135a3d7042702e4900193d0dcae94b0d03f7b6a9fb545e20c709fd4fb4a1cae95351
-
SSDEEP
384:sxF6Mj9VnRq2Rj9oM+bYO+4kr9oDPlMNcLlb5sVKdyS5Ct:sxF6Mj9V5bDclMNE9o
Score
3/10
-
-
Target
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-1f2ae650fdefb75fd7775dd7ad86aa81ca7d19595f58b4a07b32a6502079d815
-
Size
32KB
-
MD5
24cc1404f53045420a81c054d26daec7
-
SHA1
986f83fa51663d0f551ea0dc838265d0c23283e9
-
SHA256
1f2ae650fdefb75fd7775dd7ad86aa81ca7d19595f58b4a07b32a6502079d815
-
SHA512
de42f387157436eada861078fc799605167795ca3726d123b1ecc8996b618fde13e0b26c6597146d355e1b6ccc808d721f76ef85efeba2ebcf66f8d06520f8ab
-
SSDEEP
384:ll3kcQnkUoSsJGG5ZfB3yIwt4U3Qu0/7FTgPtTFAqzmVsSiA:lWcQneSwP5ZRs4U3CegsM
-
-
-
Target
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-2f55841f6ccc75acaf8390d8e8c909528a6c62bfd016e788068145c168aec07c
-
Size
32KB
-
MD5
3d9cbe669e5802ff418f24d5c251347d
-
SHA1
c906a8366af35a92e673eafc8fe32202404dd5aa
-
SHA256
2f55841f6ccc75acaf8390d8e8c909528a6c62bfd016e788068145c168aec07c
-
SHA512
01f74185cd9065240cceb18b91f08162ade458fc71197df278c26fe75d6a492b1c47e0f2a854ac730a83186d6734cf5b87c4febb178ee157aa557095842301e8
-
SSDEEP
384:Yl3kcQnkUoSsJGG5ZfB3yIwt4U3Qu0/7FTgPtTFAqzms/sSiR:YWcQneSwP5ZRs4U3CeDsN
-
-
-
Target
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-38c256f94279c37c339b3214008a8a013bba1fdf9baff77ce82ed900d333fd75
-
Size
32KB
-
MD5
4f7c77898af19dedbac4dc1044d0629d
-
SHA1
9c44ba544c678a98e0179c927b892dda12232f96
-
SHA256
38c256f94279c37c339b3214008a8a013bba1fdf9baff77ce82ed900d333fd75
-
SHA512
09cf6487e030907e146093dae06c66d5214bd11a626e27d10da21ffc4ea87f957ae37abd6d82aad27c1564daa9f3cbc2798c444aa46f97e73cb07f31fd390a3c
-
SSDEEP
384:O1x4wBaqvR8OIGGhC35AfTO39WT5tTUFAqzFSVkSKAi:OdB9vRjeCsTBHkX
-