We are hiring! Windows Kernel Developer (Remote), apply here!
flash

itVg5XA6eK.exe

Status: finished
Submission Time: 2022-11-24 19:41:08 +01:00
Malicious
Trojan
Adware
Spyware
Evader
njRat

Comments

Tags

  • exe
  • njrat
  • RAT

Details

  • Analysis ID:
    753416
  • API (Web) ID:
    1120699
  • Analysis Started:
    2022-11-24 19:41:09 +01:00
  • Analysis Finished:
    2022-11-24 19:47:28 +01:00
  • MD5:
    8533ef6f79e259e9e5fe7c28f1fcd372
  • SHA1:
    48c1f9b2a798a374b6e8c2e5fb655c19e5fa2ed3
  • SHA256:
    bbc8cabc1ba4f81d1ee316d3869ed8e61c91840cb533abee708a3099ab196470
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
55/72

malicious
26/26

malicious

malicious

IPs

IP Country Detection
41.109.68.239
Algeria

Domains

Name IP Detection
h43vipforyou.ddns.net
41.109.68.239

URLs

Name Detection
h43vipforyou.ddns.net

Dropped files

Name File Type Hashes Detection
C:\ProgramData\rejdit_free_fire.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\itVg5XA6eK.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\869b16e2825dce24066aba38ee1a9add.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rejdit_free_fire.exe.log
ASCII text, with CRLF line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#