Field | Value
---|---
File name: | Minecraft Checker v2.rar
Full analysis: | https://app.any.run/tasks/604c53ec-4080-4479-b860-ca1428378942
Verdict: | Malicious activity
Threats: | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market and comes with an abundance of educational material; interested attackers can even find tutorials on YouTube. This has made it one of the most popular RATs in the world.
Analysis date: | September 30, 2020, 10:09:38
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: | —
Indicators: | —
MIME: | application/x-rar
File info: | RAR archive data, v5
MD5: | AFB5323189D4BCCE9B48F23B753531DD
SHA1: | 4C312764C14100B88A92BE61ABBF396AD553F9F2
SHA256: | EC959907F0F8959D388C24F9B0ED2478159F0F1F4E6DE75F31A5A5EC9DEB925D
SSDEEP: | 6144:lu/MIeXU/Iw8c7/p6RxT6iB7W9j8DfFSXAXg6YuffWqgpr3b4ZXKl4d01sxaULi3:l/IeXAtIT6ip+QwyuqgpDEZXS4dMmLi3
Extension | Detected type
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2520 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Minecraft Checker v2.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3396 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\Minecraft Checker.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\Minecraft Checker.exe | — | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Description: —; Exit code: 0; Version: 1.0.0.0
3132 | "C:\Users\admin\AppData\Roaming\VIP72.exe" | C:\Users\admin\AppData\Roaming\VIP72.exe | — | Minecraft Checker.exe | User: admin; Integrity Level: MEDIUM; Description: —; Version: 1.0.0.0
3108 | netsh firewall add allowedprogram "C:\Users\admin\AppData\Roaming\VIP72.exe" "VIP72.exe" ENABLE | C:\Windows\system32\netsh.exe | — | VIP72.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Network Command Shell; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\pdbz.dat | binary | 7FEEBFE4084A0F1F870C634E6643C077 | 2672FE280A9541E9E3C288AEC1C8072809DAED3E77DB4F9F95A49E279DFE0BDC
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\Minecraft Checker.exe | executable | 6DC20E39D9A976EBF6B50F23626616BF | DF6F35647AE151FD2ADC8E042F6A8D70E489B812057436DF2639CFE427C003E8
3396 | Minecraft Checker.exe | C:\Users\admin\AppData\Roaming\VIP72.exe | executable | 6DC20E39D9A976EBF6B50F23626616BF | DF6F35647AE151FD2ADC8E042F6A8D70E489B812057436DF2639CFE427C003E8
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\Read before using.txt | text | 37C2BB6B29E924F13E28E1D00896088A | 2F2958D1A7334C6B43777311A8C6D3C08107D9418394267F5627A798412C0106
3132 | VIP72.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63951ff13995ee572862321383fecced.exe | executable | 6DC20E39D9A976EBF6B50F23626616BF | DF6F35647AE151FD2ADC8E042F6A8D70E489B812057436DF2639CFE427C003E8
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\MetroSuite 2.0.dll | executable | 0D30A398CEC0FF006B6EA2B52D11E744 | 8604BF2A1FE2E94DC1EA1FBD0CF54E77303493B93994DF48479DC683580AA654
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\Qoollo.Turbo.dll | executable | 4E8246DF4EE956EC273C4BAA2054593C | 1172732FD0FE6B679F5C6BF750598133DC815622C55EF1FA84087087BF42B495
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2520.43489\Minecraft Checker v2\xNet.dll | executable | 158DEFD55A804AA8D4D67BFDF7A4AF9C | 6C7EC4CC31A2CE0B97703B7A42E3448E9B87D96DDA12761CA24D8787AC27CFF1
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3132 | VIP72.exe | 3.134.252.206:2255 | recreciptor.hopto.org | — | US | malicious
Domain | IP | Reputation
---|---|---
recreciptor.hopto.org | — | malicious
PID | Process | Class | Message
---|---|---|---
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.hopto .org