General
Target: 3fea4293884a17a3f087ad02edb9cf23762085bd39b189b5875bf3f00f3cd688
Size: 56KB
Sample: 220329-xfpcqahha7
MD5: a18ec598943bf1d2385feb79528082e8
SHA1: 39069a6598657ae0dc9ede722cecd629a8c9d315
SHA256: 3fea4293884a17a3f087ad02edb9cf23762085bd39b189b5875bf3f00f3cd688
SHA512: dd1e9c0562a56c58b39501bb07c66450692ad0387fb4b8b580c74371dc83bc5ed7815c6cb7fc72200ade593b724a4eef9ede4be0d7be0fad40db8736c1bf8ecd
Static task: static1
Behavioral task: behavioral1
Sample: 3fea4293884a17a3f087ad02edb9cf23762085bd39b189b5875bf3f00f3cd688.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: 3fea4293884a17a3f087ad02edb9cf23762085bd39b189b5875bf3f00f3cd688.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
njrat
Zombie
2b0b46ffac65ee5caab788b335debf15
reg_key: 2b0b46ffac65ee5caab788b335debf15
Targets
Target: 3fea4293884a17a3f087ad02edb9cf23762085bd39b189b5875bf3f00f3cd688
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext