General
Target: 1400ae6d8a0b2541840bf42af5f697e6a544a1574c75d23faab4cd92137e0034
Size: 32KB
Sample: 220415-a5jgfaehhq
MD5: 5f1f482c1244682a829e224aa40e6de3
SHA1: 69d8bf75600c47ca57b2fd89d21d27c2c58365ad
SHA256: 1400ae6d8a0b2541840bf42af5f697e6a544a1574c75d23faab4cd92137e0034
SHA512: c2a4ea72edc7f15a1d613cc08f2eee8b343ceae48021c8edccaa79a52f06502c0dad55410d4e92a6592b5fbd2a1b7d9c7f7af480ab0b6f26ee15422b0cdd9738
Static task: static1
Behavioral task: behavioral1
Sample: 1400ae6d8a0b2541840bf42af5f697e6a544a1574c75d23faab4cd92137e0034.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1400ae6d8a0b2541840bf42af5f697e6a544a1574c75d23faab4cd92137e0034.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
Zombie
112.166.177.15:1
b7df430e3057c59320a80e9e06fb22b0
reg_key: b7df430e3057c59320a80e9e06fb22b0
splitter: |'|'|
Targets
Target: 1400ae6d8a0b2541840bf42af5f697e6a544a1574c75d23faab4cd92137e0034
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application