General
Target: 8a1b2f098dcf0dd3740ab243f02f83fd8b3129f3b88aa986d10ec4eeb183e01f
Size: 332KB
Sample: 220203-tdyxlabecj
MD5: 349d353065a260a6cb340666ae9d5f06
SHA1: 049c76e212e1e7368c368eb1b47bf18df84f2d61
SHA256: 8a1b2f098dcf0dd3740ab243f02f83fd8b3129f3b88aa986d10ec4eeb183e01f
SHA512: ecd932d518ef32d2c6c25927c9f0298ab380651078df8b3c837ad7027875574b9bb2764f9ac22bc30d65f816313dbf77554b688bcbaec5a1519c0fa6f1fe5293
Static task: static1
Behavioral task: behavioral1
Sample: 8a1b2f098dcf0dd3740ab243f02f83fd8b3129f3b88aa986d10ec4eeb183e01f.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 8a1b2f098dcf0dd3740ab243f02f83fd8b3129f3b88aa986d10ec4eeb183e01f.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
njrat
0.7d
Victime
kouji.ddns.net:1177
3c8548e6ad9ecf00a0a44c81e84745f1
reg_key: 3c8548e6ad9ecf00a0a44c81e84745f1
splitter: |'|'|
Targets
Target: 8a1b2f098dcf0dd3740ab243f02f83fd8b3129f3b88aa986d10ec4eeb183e01f
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application