File name: | Stongion's Hacking Accounts Archive.rar |
Full analysis: | https://app.any.run/tasks/f3aa9b88-c539-4e8d-8c07-c50c31512102 |
Verdict: | Malicious activity |
Threats: | njRAT is a remote access trojan. It is one of the most widely available RATs on the market, with an abundance of tutorials and documentation (attackers can even find walkthroughs on YouTube), which has helped make it one of the most popular RATs in the world. |
Analysis date: | February 10, 2019, 17:35:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 1E966D167F753E74D1773F0AB2CA4927 |
SHA1: | 7BA632E43F121D12BAC9871381D9AD01C3B90AC0 |
SHA256: | 2D759ACB2C12C03BBD0213E6F837DC18F9C432A6812CC1138AB6FBCC08F9554C |
SSDEEP: | 98304:Z+0be8lAG6PNUTvONXz46ynT9m5AfOJwW+kP28OxVHcgl9t2wtMiUl5q:ZHzlAG6PNmYKAA2/+kPEV8gh2wtMnq |
Extension | Description | Match (%)
---|---|---
.rar | RAR compressed archive (v5.0) | 61.5
.rar | RAR compressed archive (gen) | 38.4
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Exit code | Version / details
---|---|---|---|---|---|---|---|---
3104 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Stongion's Hacking Accounts Archive.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | admin | MEDIUM | 0 | Version: 5.60.0; Company: Alexander Roshal; Description: WinRAR archiver
3856 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\AAPBuilder V2.3.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\AAPBuilder V2.3.exe | — | WinRAR.exe | admin | MEDIUM | 3221226540 (NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED: the MEDIUM-integrity launch was refused because the binary requires elevation) | —
2204 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\AAPBuilder V2.3.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\AAPBuilder V2.3.exe | — | WinRAR.exe | admin | HIGH | 0 | — (same binary relaunched elevated after the UAC prompt)
3668 | "C:\Users\admin\AppData\Local\Temp\AAPBuilderV2.3.exe" | C:\Users\admin\AppData\Local\Temp\AAPBuilderV2.3.exe | — | AAPBuilder V2.3.exe | admin | HIGH | 0 | Version: 1.0.0.0
3212 | "C:\Users\admin\AppData\Local\Temp\wsc.exe" | C:\Users\admin\AppData\Local\Temp\wsc.exe | — | AAPBuilder V2.3.exe | admin | HIGH | — | —
2756 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\New Text Document.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe | admin | MEDIUM | — | Version: 6.1.7600.16385 (win7_rtm.090713-1255); Company: Microsoft Corporation; Description: Notepad
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.Runtime.pdb | pdb | B39DB5B66914626BC9B8ED214A29283D | 59CE00213B95F2DA44536F90AF0C871CA4D8A49732FBBF27E287FE17B4EE64F7
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.Core.dll | executable | A539E3893F5638AF8E47BC0AE42112F8 | D0B6F76583C03D3177BF13BE786F18DF516FDE57B20A95866FD2581C17507B06
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.Protections.pdb | pdb | 04C5836D150BD846E0263285B9F975A1 | 96A0BA1556678FC2978800E4E62D697BF44AE5F54E65CD606761583B00278FF8
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.Core.xml | xml | 54EBA6532546D1219E65AF2DBA4A569A | 7F6BD9643DD07D9EDC8EA01D8260772D0C046FDE86A23D7EE57CC8E7E3449B9F
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.CLI.exe | executable | DB5AA0841670D3D0D843DE8D700C8BF7 | C820416D010D99FBB9A7C531F4A0A13C1015F2F93C744E8EC4900CB2BCC6EFA9
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.DynCipher.pdb | pdb | B8309C2C84A1EA9F9CA92A4F8350E032 | CB8647A49EC8BFC4925E550704526FB77A372122088062EB06D4E10499EB5AD1
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.Renamer.pdb | pdb | 3251C3136FD79AFD04DB963BE7DCE409 | 4DC27F6E4665383E7643A6C5D7DA233FA5E9BD090B66720A555E359E442B2566
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\ConfuserEx Modded By Stongion.exe | executable | 0E6407F7A7F1682E78EB7922B402E726 | CE071C0D4584A13A018D0BF899BAF1E3316A7504B8AE2123B72695FCD2C08512
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.Renamer.dll | executable | D802F4E7EBF2FE872C3C0409A6B6AFCB | A9CC1DA07480C73131B428B8E87BC705084CCFF48E3A1D7F7FBD994FB10C0D05
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\ConfuserEx Modded\Confuser.CLI.pdb | pdb | 31436CDE65157CA4D874BF32B130659C | 690CA6638C3E7834D30FA85889F218C16643F09D934FC2BBFE80B96604EF7F4F
PID | Process | IP:port | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---|
3212 | wsc.exe | 94.54.179.75:81 | — | Turksat Uydu Haberlesme ve Kablo TV Isletme A.S. | TR | malicious |
PID | Process | Class | Message |
---|---|---|---|
3212 | wsc.exe | A Network Trojan was detected | MALWARE [PTsecurity] njRAT.Gen RAT outbound connection |
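The tables above show the whole chain in one place: WinRAR runs the archive member straight out of its Rar$EX… temp directory, the first launch at MEDIUM integrity dies with exit code 3221226540 (NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED), the same binary is relaunched at HIGH integrity once the UAC prompt is accepted, it starts two more executables from %TEMP%, and one of them (wsc.exe) connects to 94.54.179.75:81, which the IDS signature attributes to njRAT. The script below is an added example written for this page, not part of the ANY.RUN report or of any tool it names. It replays that chain as constructed Sysmon-style process-create, process-exit and network-connect events (the event field names and the PID 1234 used for explorer.exe are assumptions made for the example) and flags each stage with one rule, so the same logic can be pointed at real telemetry.

```python
import re

# Indicators copied from the report above.
C2_IP, C2_PORT = "94.54.179.75", 81

# Exit code 3221226540 of PID 3856 is NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED:
# the binary's manifest asks for administrator rights, so the MEDIUM-integrity launch
# is refused and the shell re-runs it through UAC (PID 2204, integrity HIGH).
STATUS_ELEVATION_REQUIRED = 0xC000042C

# WinRAR stages a double-clicked archive member under %TEMP%\Rar$EX<pid>.<n>\ before running it.
RAR_TEMP_DIR = re.compile(r"\\Temp\\Rar\$EX[a-z]*\d+\.\d+\\", re.IGNORECASE)
# A bare executable placed directly in %TEMP% (no sub-directory).
TEMP_DROP = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+$", re.IGNORECASE)

# Constructed Sysmon-style events replaying the report's process tree (not sandbox output;
# field names and explorer.exe's PID 1234 are assumptions made for this example).
EVENTS = [
    {"type": "create", "pid": 3104, "ppid": 1234, "integrity": "MEDIUM",
     "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"type": "create", "pid": 3856, "ppid": 3104, "integrity": "MEDIUM",
     "image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\AAPBuilder V2.3.exe"},
    {"type": "exit", "pid": 3856, "code": 3221226540},
    {"type": "create", "pid": 2204, "ppid": 3104, "integrity": "HIGH",
     "image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3104.20589\AAPBuilder V2.3.exe"},
    {"type": "create", "pid": 3668, "ppid": 2204, "integrity": "HIGH",
     "image": r"C:\Users\admin\AppData\Local\Temp\AAPBuilderV2.3.exe"},
    {"type": "create", "pid": 3212, "ppid": 2204, "integrity": "HIGH",
     "image": r"C:\Users\admin\AppData\Local\Temp\wsc.exe"},
    {"type": "connect", "pid": 3212, "dst_ip": "94.54.179.75", "dst_port": 81},
    {"type": "create", "pid": 2756, "ppid": 1234, "integrity": "MEDIUM",
     "image": r"C:\Windows\system32\NOTEPAD.EXE"},
]


def analyse(events):
    """Return a list of (rule, pid) findings, one rule per stage visible in the report."""
    created = {e["pid"]: e for e in events if e["type"] == "create"}
    exit_codes = {e["pid"]: e["code"] for e in events if e["type"] == "exit"}
    findings = []

    for ev in events:
        if ev["type"] == "create":
            pid, image = ev["pid"], ev["image"]
            parent = created.get(ev["ppid"])

            # Stage 1: payload executed straight out of WinRAR's extraction directory.
            if RAR_TEMP_DIR.search(image):
                findings.append(("archive_member_executed", pid))

            # Stage 2: same image relaunched at HIGH integrity after an earlier instance
            # died with STATUS_ELEVATION_REQUIRED, i.e. the user accepted the UAC prompt.
            if ev["integrity"] == "HIGH" and any(
                other["image"] == image and exit_codes.get(opid) == STATUS_ELEVATION_REQUIRED
                for opid, other in created.items() if opid != pid
            ):
                findings.append(("uac_elevated_relaunch", pid))

            # Stage 3: the extracted process runs a second executable sitting directly in %TEMP%.
            if (parent is not None and RAR_TEMP_DIR.search(parent["image"])
                    and TEMP_DROP.search(image) and not RAR_TEMP_DIR.search(image)):
                findings.append(("dropper_child_in_temp", pid))

        elif ev["type"] == "connect":
            # Stage 4: outbound connection to the C2 the IDS attributed to njRAT.
            if (ev["dst_ip"], ev["dst_port"]) == (C2_IP, C2_PORT):
                findings.append(("njrat_c2_connection", ev["pid"]))

    return findings


if __name__ == "__main__":
    for rule, pid in analyse(EVENTS):
        print(f"{rule:26} pid={pid}")
```

On real hosts the three event types map to Sysmon Event IDs 1 (process create), 5 (process terminate) and 3 (network connection). Stage 1 on its own is noisy, since every installer a user double-clicks inside an archive runs from a Rar$EX directory; the chain becomes high-confidence when the Rar$EX process is also the one that is relaunched elevated and then spawns further executables from %TEMP%, as it is here.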