General
Target: ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd
Size: 37KB
Sample: 220520-1avjbsgham
MD5: aea0c83fee15dc36f461043f28d613eb
SHA1: 9b4abebcfadbfb43776e7b62f2c255bb1c3b87e2
SHA256: ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd
SHA512: 550cc1f49fdf75f810b424f62225704a67c6acc381e9641cdb6becc058df32aea4ecb36bffa498334167e735bcc9e3ac894e2580e8cde375fb035ce7388f400f
Behavioral task: behavioral1
Sample: ba4be052de9286a4a3afac7cf82236f9dde078edf50ce3d230f92decfcb8f2bd.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
127.0.0.1:5552
61636496e2350661a609e72e29ad1491
reg_key: 61636496e2350661a609e72e29ad1491
splitter: |'|'|
Targets
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL