General
-
Target
277a2404fd4b34ba64813a529d1029bd7f1971b14a09df35e382ae639c3c28a2
-
Size
1.2MB
-
Sample
210228-y2xned61wx
-
MD5
6382e1ba0bdcd1a586f97e1e20f77868
-
SHA1
2cc4ae531be8b82dccf3c4c14e326307e2926658
-
SHA256
277a2404fd4b34ba64813a529d1029bd7f1971b14a09df35e382ae639c3c28a2
-
SHA512
c87b8082c6e4e58772fc189f64c64c89ced21cee1530dbf785e3e540163821f30fe9113671e5ddab3922468713f21c0a0784de869c2863ba362e09c9a1765ad3
Static task
static1
Behavioral task
behavioral1
Sample
277a2404fd4b34ba64813a529d1029bd7f1971b14a09df35e382ae639c3c28a2.exe
Resource
win7v20201028
Malware Config
Extracted
njrat
0.7d
HNZ-SHOP
*TI3LjAu*C4x:5552
316cc8fdf2ba11b55349f6a002cabe83
-
reg_key
316cc8fdf2ba11b55349f6a002cabe83
-
splitter
|'|'|
Targets
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-