General
-
Target
2df505b37c492a622e2b5175beeb6a6248b69c5183960fd0464d7f82b7ef02f5
-
Size
101KB
-
Sample
220330-c6dzfsbabq
-
MD5
73fa54775bec045e8c86793ec7c00dc2
-
SHA1
5a204c087e9fb1a3426ac4adaa1b38b5aa87bba9
-
SHA256
2df505b37c492a622e2b5175beeb6a6248b69c5183960fd0464d7f82b7ef02f5
-
SHA512
e319f2f7c19cfefd5d4ee97f07692b00e85de2c47b0e7ce9b97fe3c2ed1270a1059089d1135ac315d8df23e34f828674f630948ec2dc1b9998071cfcdf7cb91e
Static task
static1
Behavioral task
behavioral1
Sample
2df505b37c492a622e2b5175beeb6a6248b69c5183960fd0464d7f82b7ef02f5.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
2df505b37c492a622e2b5175beeb6a6248b69c5183960fd0464d7f82b7ef02f5.exe
Resource
win10v2004-20220331-en
Malware Config
Extracted
njrat
im523
Hacker
192.168.0.22:5552
0d122dd52a6e1fabf394b30dede2ed0a
-
reg_key
0d122dd52a6e1fabf394b30dede2ed0a
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-