General
Target: 44e0a0bd06c0afcc3b924dd0e6bd6ef612451b021feea961191284b2e2860c9c
Size: 1.2MB
Sample: 220507-3xatjsadh3
MD5: 5cda7bb96fd61ed046a3a9f592755eee
SHA1: 7c36cf881fee556dd47163f02a0b0cb291448511
SHA256: 44e0a0bd06c0afcc3b924dd0e6bd6ef612451b021feea961191284b2e2860c9c
SHA512: 5c961d6da96dbffea2183562dd4c4fec4748877182c2480b5b2f3f812175a8069e22eda0ef0c1ee7e2088beb8e9755e5d42323b7de44fb420140f7bfd9bbdeb5
Static task: static1
Behavioral task: behavioral1
Sample: 44e0a0bd06c0afcc3b924dd0e6bd6ef612451b021feea961191284b2e2860c9c.exe
Resource (analysis VM image): win7-20220414-en
Malware Config
Extracted family: njrat
Version: 0.7d
Campaign / botnet name: Hacked By HiDDen PerSOn
C2: 112.154.163.88:5229
Mutex: f5e41d47f6d9dda87c262a74fd37f87c
Attributes:
  reg_key: f5e41d47f6d9dda87c262a74fd37f87c (njRAT reuses this string as the mutex name and as the value name it writes under the Run key for persistence, so it doubles as a host indicator)
  splitter: |'|'| (field delimiter used between command and arguments in the C2 protocol)
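Using the extracted splitter and campaign name to decode njRAT traffic, as an added example that is not part of this report: njRAT 0.7d frames every message as an ASCII decimal length, a NUL byte and then the payload, and separates the fields inside a payload with the splitter. The client's registration command ll carries base64(campaign + "_" + hardware id) as its first field, so a beacon can be tied back to this config from the wire. The code below reassembles frames from a byte stream (including a frame split across two segments), splits each payload on the configured splitter, and flags an ll beacon whose campaign matches. The traffic is constructed for the example; the hardware id, hostname, user and the beacon fields after the base64 value are made up and only follow the common 0.7d layout. reg_key is a host-side indicator (Run value name and mutex) that never appears in the traffic, so it is not used here.

```python
import base64

# Indicators copied from the extracted config above.
C2_HOST, C2_PORT = "112.154.163.88", 5229
SPLITTER = "|'|'|"
CAMPAIGN = "Hacked By HiDDen PerSOn"   # njRAT "VN", sent base64-encoded in the ll beacon


def split_frames(stream: bytes):
    """Split an njRAT 0.7d TCP stream into payloads.

    Each message is framed as an ASCII decimal length, a NUL byte, then that many
    payload bytes. Returns (payloads, remainder); the remainder is an incomplete
    trailing frame that needs more data before it can be parsed.
    """
    payloads, pos = [], 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                       # length prefix not complete yet
        length_field = stream[pos:nul]
        if not length_field.isdigit():
            raise ValueError(f"bad length prefix at offset {pos}: {length_field!r}")
        start = nul + 1
        end = start + int(length_field)
        if end > len(stream):
            break                       # partial frame: wait for more bytes
        payloads.append(stream[start:end])
        pos = end
    return payloads, stream[pos:]


def parse_payload(payload: bytes, splitter: str = SPLITTER):
    """Return (command, fields) by splitting the payload on the configured splitter."""
    # The client sends with the ANSI code page; latin-1 keeps every byte reversible.
    parts = payload.decode("latin-1").split(splitter)
    return parts[0], parts[1:]


def campaign_from_beacon(fields):
    """First field of an ll registration is base64(campaign + '_' + HWID).
    rsplit keeps a campaign name that itself contains underscores intact."""
    decoded = base64.b64decode(fields[0]).decode("latin-1")
    return decoded.rsplit("_", 1)[0]


def triage_stream(stream: bytes):
    """Decode every complete frame; mark registration beacons that match this config."""
    payloads, remainder = split_frames(stream)
    results = []
    for payload in payloads:
        command, fields = parse_payload(payload)
        entry = {"command": command, "fields": fields}
        if command == "ll" and fields:
            entry["campaign"] = campaign_from_beacon(fields)
            entry["matches_config"] = entry["campaign"] == CAMPAIGN
        results.append(entry)
    return results, remainder


def frame(payload: str) -> bytes:
    """Build one njRAT frame; used here only to construct the sample traffic."""
    body = payload.encode("latin-1")
    return str(len(body)).encode() + b"\x00" + body


# Constructed sample traffic (not a real capture): an ll beacon for this campaign
# followed by a "P" keepalive, with the keepalive frame split across two segments.
_beacon = SPLITTER.join([
    "ll",
    base64.b64encode(f"{CAMPAIGN}_7A3B19C4".encode("latin-1")).decode(),  # HWID made up
    "DESKTOP-TEST", "user", "22-05-07", "", "Win 7 Ultimate SP1 x86",
    "No", "0.7d", "..", "Program Manager", "",
])
SAMPLE_SEGMENTS = [frame(_beacon) + frame("P")[:2], frame("P")[2:]]


def demo():
    """Feed the segments through a reassembly buffer the way a sensor would."""
    buffer, decoded = b"", []
    for segment in SAMPLE_SEGMENTS:
        buffer += segment
        results, buffer = triage_stream(buffer)
        decoded.extend(results)
    return decoded


if __name__ == "__main__":
    for entry in demo():
        print(entry["command"], entry.get("campaign"), entry.get("matches_config"))
```

The same split_frames/parse_payload pair works for server-to-client traffic as well, since both directions use the same framing and splitter; only the command vocabulary differs.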
Targets
Target: 44e0a0bd06c0afcc3b924dd0e6bd6ef612451b021feea961191284b2e2860c9c (1.2MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Modifies Windows Firewall
  njRAT 0.7d builds typically do this by running netsh firewall add allowedprogram to whitelist their own executable.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops an attached debugger from receiving events for it, a common anti-debugging technique.