General
-
Target
f40ab2e2cb9cd887d53fb59b17ba0667d1ccaee0b02aa6965c26e555a73a27dc
-
Size
89KB
-
Sample
220516-naxmgabffm
-
MD5
04563f386e04b3d1bcada891c2ef091b
-
SHA1
2bbff963e56a7d4ed366b14207a8e78f90a88f54
-
SHA256
f40ab2e2cb9cd887d53fb59b17ba0667d1ccaee0b02aa6965c26e555a73a27dc
-
SHA512
ec02fcc84545085ca3c9e4a9fdc5ae0e8156950571b16a2fa4b6f88be822f051ff678d85422c9e4f36bb9cfd9c2a1e1584c9e7046f5541eb0b4a553fb3ba4023
Behavioral task
behavioral1
Sample
f40ab2e2cb9cd887d53fb59b17ba0667d1ccaee0b02aa6965c26e555a73a27dc.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
f40ab2e2cb9cd887d53fb59b17ba0667d1ccaee0b02aa6965c26e555a73a27dc.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
btc
kanon.hopto.org:1177
c9ae44b7fb83fd10071f633942205055
-
reg_key
c9ae44b7fb83fd10071f633942205055
-
splitter
|'|'|
Targets
-
-
Target
f40ab2e2cb9cd887d53fb59b17ba0667d1ccaee0b02aa6965c26e555a73a27dc
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-