General
Target: z2d6Yt5v.exe
Size: 23KB
Sample: 201121-dh9l2gmn9s
MD5: 9bb6d4f72a348ad47cc97185604f4dd9
SHA1: 7384957e8a29f517654fcbd905861574e772d3ed
SHA256: 0a170ca414d288bc25ebb5ce92ccd51ff0f62b1479d669172194bf0067601df1
SHA512: 3a1e4c94afd24c89a256deca640467c833547fe431c2041f3afc6fafdd3551f7d4f14edfa5be6099901d4bb38526fdfe197702dd334c74d98951887187cf2c48
Static task: static1
Behavioral task: behavioral1
Sample: z2d6Yt5v.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: z2d6Yt5v.exe
Resource: win10v20201028
Malware Config
Extracted
njrat
0.7d
Bouffon
noiphack93.hopto.org:5553
af48625ee196d906557ab2d838a9cc2f
reg_key: af48625ee196d906557ab2d838a9cc2f
splitter: |'|'|
Targets
Target: z2d6Yt5v.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Loads dropped DLL
Adds Run key to start application