General
Target: 60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549
Size: 113KB
Sample: 220511-czleysgdbr
MD5: 804ab4cb9903d259120e591ac565e5c0
SHA1: 11955010086627d54c94c1172455c71417f0a31d
SHA256: 60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549
SHA512: 180b4eaf31a94ab689e5c4214f521f88e3fa7c6ca273e2e3ae86f65fa9140d743e8a2a996c441d06df39731b2235d73e59c34dc0cd195214475911f1f73ab528
Static task: static1
Behavioral task: behavioral1
Sample: 60750c9f862c0e8d042d8d7be60e1701c57b2a5da6ff58dca31e54a7a0785549.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
hack
thec0de-22249.portmap.io:22249
ac92d1ea6bee0411dba544616f4313da
reg_key: ac92d1ea6bee0411dba544616f4313da
splitter: |'|'|
Targets
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext