General
-
Target
e31cd38cd582f385eed29f382b3bef2fa23e32b24e4ea758a16809e38f4476cb
-
Size
6.3MB
-
Sample
220327-g77elsecc6
-
MD5
502fb0fda9f06b7adfd7963d721e82c4
-
SHA1
91f3f1a03db7a41af447bc03bf3d79698e4dfe45
-
SHA256
e31cd38cd582f385eed29f382b3bef2fa23e32b24e4ea758a16809e38f4476cb
-
SHA512
aee2309fb16c6067c7fd0d9166f255bc28b96f0e7312aaf4f2e6e0fa73d241aeeddf2379b766ba49ba22fb200c91ef8a762b75c4ff0f537ed9976a7317d095fe
Static task
static1
Behavioral task
behavioral1
Sample
e31cd38cd582f385eed29f382b3bef2fa23e32b24e4ea758a16809e38f4476cb.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
e31cd38cd582f385eed29f382b3bef2fa23e32b24e4ea758a16809e38f4476cb.exe
Resource
win10v2004-20220331-en
Malware Config
Extracted
njrat
Hacked By HiDDen PerSOn
f61357b8b080724a5c9d83bf17ac5a23
-
reg_key
f61357b8b080724a5c9d83bf17ac5a23
Targets
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-