General
-
Target
Server.exe
-
Size
93KB
-
Sample
241216-nq7sdayncz
-
MD5
4106c643751ca405526c35082b61e21e
-
SHA1
a00c03ab8b002b561489b2ef981a23136523949d
-
SHA256
6cd803552c3fccea87f24655af28a08bef2593590c6d418f8e6157c50a4f3938
-
SHA512
a780ed987ad64983c21a44a84285f1cd00d5e32449c85bdf1ffc7822424bec3c7bcf4823071268989a5a6f583d01e98a632a999eba0d8b613ffe8fc77419bbdb
-
SSDEEP
1536:JcwC+xhUa9urgOBPmNvM4jEwzGi1dDUD+gS:JcmUa9urgOkdGi1d6j
Behavioral task
behavioral1
Sample
Server.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
Server.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
fucked
hakim32.ddns.net:2000
november-knife.gl.at.ply.gg:31521
b441dab2dad78af5af045a19f94e9c80
-
reg_key
b441dab2dad78af5af045a19f94e9c80
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Size
93KB
-
MD5
4106c643751ca405526c35082b61e21e
-
SHA1
a00c03ab8b002b561489b2ef981a23136523949d
-
SHA256
6cd803552c3fccea87f24655af28a08bef2593590c6d418f8e6157c50a4f3938
-
SHA512
a780ed987ad64983c21a44a84285f1cd00d5e32449c85bdf1ffc7822424bec3c7bcf4823071268989a5a6f583d01e98a632a999eba0d8b613ffe8fc77419bbdb
-
SSDEEP
1536:JcwC+xhUa9urgOBPmNvM4jEwzGi1dDUD+gS:JcmUa9urgOkdGi1d6j
-
Modifies Windows Firewall
-
Drops startup file
-