General
-
Target
ef80911a7277a02a9e4945928bcd28d26459ef7cf025942cab50cb6b3603cff0
-
Size
466KB
-
Sample
220415-clv28sghem
-
MD5
bf4b6012252cf883829f410e1046e42a
-
SHA1
97309564ffa34201b2546dd8350e24820505c487
-
SHA256
ef80911a7277a02a9e4945928bcd28d26459ef7cf025942cab50cb6b3603cff0
-
SHA512
738f63608b14936519ba93e822b957dc1eb17978f05a9cba5eb62ce9c306346d4aa3456ef21daa93751aafbee54916e7ca2a1cde8ea9fad2bf2ec36eb52bad47
Static task
static1
Behavioral task
behavioral1
Sample
ef80911a7277a02a9e4945928bcd28d26459ef7cf025942cab50cb6b3603cff0.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
hacker
gigilolo.hopto.org:6522
c87073769504f742f7bb00ba65dd12f1
-
reg_key
c87073769504f742f7bb00ba65dd12f1
-
splitter
Y262SUCZ4UJJ
Targets
Target
ef80911a7277a02a9e4945928bcd28d26459ef7cf025942cab50cb6b3603cff0
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-