General
-
Target
3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
-
Size
2.1MB
-
Sample
220310-3zk3asdbg4
-
MD5
c0d3b6f38e5253f59f2f15cdcf14edf0
-
SHA1
4442c0d76b86470ebd8d8cea91382107ff9ad96d
-
SHA256
3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
-
SHA512
578d245a5e7444a741d946dd20b7e9506ac7436ed08132af7549d12f293b9e92d9c3c7174284c92a7a8802211799dc09847f3428c758da0632c471b3aa80e696
Static task
static1
Behavioral task
behavioral1
Sample
3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6.exe
Resource
win7-20220223-en
Malware Config
Extracted
njrat
0.7d
HacK
127.0.0.1:1234
8a6179254fb2f1e73fe707c1a92f1876
-
reg_key
8a6179254fb2f1e73fe707c1a92f1876
-
splitter
|'|'|
Targets
Target
3f16985a58d42af0b56b8cbcefbfea709d32b3041633c4037f4d46cddb6b16e6
Score
10/10
-
Nirsoft
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-