General
-
Target
8f504845a4bca5527b3e3d283140d250e7c98effb4ab2811377d8240407fb24b
-
Size
140KB
-
Sample
220329-138lnagbal
-
MD5
cb88e2a5631c6ef481af0803950c5e00
-
SHA1
f99b8bf66f2629e313e04e8a4cce7a69758fa647
-
SHA256
8f504845a4bca5527b3e3d283140d250e7c98effb4ab2811377d8240407fb24b
-
SHA512
9ba281c90ed85b65cfb9cdddb82d7b3e65403fd8869bd15cc65bbe8dbb82bcab2084517e6698942864b8ad018a13666622a90fd2ad97e6ef60ff8993d9da5fb5
Static task
static1
Behavioral task
behavioral1
Sample
8f504845a4bca5527b3e3d283140d250e7c98effb4ab2811377d8240407fb24b.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
8f504845a4bca5527b3e3d283140d250e7c98effb4ab2811377d8240407fb24b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
njrat
im523
Hacker
192.168.0.22:5552
0d122dd52a6e1fabf394b30dede2ed0a
-
reg_key
0d122dd52a6e1fabf394b30dede2ed0a
-
splitter
|'|'|
Targets
-
-
Target
8f504845a4bca5527b3e3d283140d250e7c98effb4ab2811377d8240407fb24b
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-