Field | Value |
---|---|
File name | 1.rar |
Full analysis | https://app.any.run/tasks/f3463ae1-22c6-4918-825a-b152778f18aa |
Verdict | Malicious activity |
Threats | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market, with an abundance of educational material available; interested attackers can even find tutorials on YouTube. This has made it one of the most popular RATs in the world. |
Analysis date | April 25, 2019, 14:23:01 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MIME | application/x-rar |
File info | RAR archive data, v5 |
MD5 | 39F7364B33E2D41DFFDEA06B4A39DE5A |
SHA1 | F01E0BA9367B2ED8C76D9029DDBBA270E4316D42 |
SHA256 | F4BA20CFA3D260B55A3F8FEC42ACDA144C088D200140A2F978CF3113A48020BA |
SSDEEP | 196608:mA62Qzv4IxwlJoRdNYi3gFCKTdfVXFITHru2ISWxHNAi/+PHkRBzKUv+Ie:j62QdxwGz3ggOdNXKXubvAhcaUv+P |
Extension | Identification (score) |
---|---|
.rar | RAR compressed archive (v5.0) (61.5) |
.rar | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3268 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
948 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
2036 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1100 | "C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe" | C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe | | explorer.exe | User: admin; Integrity Level: HIGH; Description: WindowsApplication1; Exit code: 0; Version: 1.0.0.0 |
2356 | "C:\Windows\winconfig.exe" | C:\Windows\winconfig.exe | | GoldFlix Checker.exe | User: admin; Integrity Level: HIGH; Description: WindowsApplication1; Version: 1.0.0.0 |
3140 | netsh firewall add allowedprogram "C:\Windows\winconfig.exe" "winconfig.exe" ENABLE | C:\Windows\system32\netsh.exe | — | winconfig.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Network Command Shell; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Combo\Cards2.txt | — | — | — |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\HQ Proxy\HQ for Netflix.url | — | — | — |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\HQ Proxy\SOCKS 4 for netflix.txt | — | — | — |
2036 | explorer.exe | C:\Users\admin\Desktop\Cracking Netflix GiftCards | — | — | — |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\Read before use ( WHY NOT LAUNCH ).txt | text | B07BBB689C7984899FA3185952426A0E | 90B509E2141815468B6A3192C6FD432A3F630B14DC4892FB7B8D7DD1819129B8 |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Combo\Cards1.txt | text | E66728F8F7B9F6F748AD1D31A0CC3CAB | C2D02BDFFF17F7D973FC2E538D8CFE37AC41FC742BB46FCF6E4D86700417056C |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\Working.PNG | image | 2B25ACAA6A34EEF1AE779E6E1C69B1A5 | DE2F22F9106FA745BD831E12AAF732B9264634DD666868A264AF79C457E68F77 |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\2018 Gift card checker\NetFlix GC Checker by xRisky.exe | executable | C20FE813CE74AFAAECC2963ED2F38399 | 0A33AC7F5C5A236E63FF5CC404F39364D6F571601C85484C24E5B4B33B3D5B70 |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\VirusTotal.txt | text | 50473E81C12A69B1914E45206A6C7E31 | 89E9633664AD0CF1CEA8E244C632057F20572B53CDBB8311676F4A7F0DC02B4F |
3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.26109\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\Youtube Tutorial.url | text | 9FB855B58E65838E920535A1F85D6436 | 7B7C8B236B26A90A5D3A5088725512658BDB3088AD124E38C883A8344955628F |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2356 | winconfig.exe | 197.26.52.162:1411 | hccr.sytes.net | Tunisia BackBone AS | TN | malicious |
Domain | IP | Reputation |
---|---|---|
hccr.sytes.net | | malicious |
PID | Process | Class | Message |
---|---|---|---|
2356 | winconfig.exe | A Network Trojan was detected | MALWARE [PTsecurity] njRAT.Gen RAT outbound connection |
2356 | winconfig.exe | A Network Trojan was detected | ET TROJAN Bladabindi/njRAT CnC Command (ll) |