General
Target: 44f75cefb271fed1820a98845e7b4de27250ec5d35b431b96bdb3ae012876670
Size: 23KB
Sample: 220515-z8mqpsfha7
MD5: b0847a911269690bdd94e5e02615483e
SHA1: 085c68285e372d49604ad35206ef124882593c3e
SHA256: 44f75cefb271fed1820a98845e7b4de27250ec5d35b431b96bdb3ae012876670
SHA512: 178d0bf64687a7a9b1d1596b52d3b2d9d18971722f71c5ec3482ef5c56f0f008e36ea8d8852be751cdc697a63fc16d42e143af7bb2e8887cabf5c7d94ba0d6db
Behavioral task
behavioral1
Sample
44f75cefb271fed1820a98845e7b4de27250ec5d35b431b96bdb3ae012876670.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
Hallaj PRO Rat [Fixed]
14
mscompany.dynu.com:50001
a3bab510026d2f855af4149e862799fb
reg_key: a3bab510026d2f855af4149e862799fb
splitter: boolLove
Targets
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL