General
-
Target
191c43de4894c5d4d3a3ff66a0d51e7f98aed976c9c389ecd2fe459fbbcfb753
-
Size
248KB
-
Sample
220207-d5slwsehd4
-
MD5
6fb70abeb57e856bc0d6c6f16a83a657
-
SHA1
3c3ed799b2e35f0d2f20931ee76357057f8b9dd9
-
SHA256
191c43de4894c5d4d3a3ff66a0d51e7f98aed976c9c389ecd2fe459fbbcfb753
-
SHA512
a5972037e155d949dad4c36e4d08f473ee844f43b30acec79c1afa8fd005cbb261bcfeb73ddec2e10482b14a9ee9e4fd716ffccb16339f3c281aab96d5449f13
Static task
static1
Behavioral task
behavioral1
Sample
191c43de4894c5d4d3a3ff66a0d51e7f98aed976c9c389ecd2fe459fbbcfb753.exe
Resource
win7-en-20211208
Malware Config
Extracted
njrat
0.6.4
chrome
tawta5rafih.zapto.org:1177
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL