General
-
Target
08a16325eb4523ff4193355516d182c1e8fcb3016409c92193f51053dd4fe180
-
Size
123KB
-
Sample
220503-sgjfmscddn
-
MD5
946333d7d6a396ab789cb72f74c7f9aa
-
SHA1
07391a865a6c0d781fae9754872d05437bd2ced5
-
SHA256
08a16325eb4523ff4193355516d182c1e8fcb3016409c92193f51053dd4fe180
-
SHA512
382cca85edecb737762c14eee850fc887745be8d1e33cf4f9521db42dcaed95d23c342532e015c6a7e792f2fde72161e064405147b3060850aa6d9139ed858df
Static task
static1
Behavioral task
behavioral1
Sample
08a16325eb4523ff4193355516d182c1e8fcb3016409c92193f51053dd4fe180.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
08a16325eb4523ff4193355516d182c1e8fcb3016409c92193f51053dd4fe180.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Hacked By HiDDen PerSOn
e6be5f00f026aa28102ba2f0df8f3ec3
-
reg_key
e6be5f00f026aa28102ba2f0df8f3ec3
Targets
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext