General
-
Target
4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d
-
Size
76KB
-
Sample
220502-w5nl2sdag5
-
MD5
6ba4110a57c59dcbb40834a764696180
-
SHA1
8df62aafd0105f9bdf0b57caa4548ca8e9576b5b
-
SHA256
4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d
-
SHA512
d17035cfab6572e61a3ebb1b2938ee025ae9302d1943efd72d437db8f56cfb28ebcb8e53e283a311da6d959f1b57daf94e8314bc742b3d53890effca8ddfe95e
Static task
static1
Behavioral task
behavioral1
Sample
4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
Youtube
194.33.45.46:4785
7cd689923ff88e7744796cbd311fd268
-
reg_key
7cd689923ff88e7744796cbd311fd268
-
splitter
|'|'|
Targets
-
-
Target
4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-