General
Target: e7a1faa506b5a48641fd51224b4b9a5da0c39698eaa6c2f58902690ae2645196
Size: 37KB
Sample: 220520-1n5w8aebc4
MD5: fd12ad5947e83d65c181db1ec4bbe214
SHA1: 494d0349697f7bd8e5070b1d1f74156f986cf611
SHA256: e7a1faa506b5a48641fd51224b4b9a5da0c39698eaa6c2f58902690ae2645196
SHA512: fdf3478853b91d8f4597eda1b2093eac5c7de85bf32c1e4af6e534789e543e037b468fb6386cec7450f16bb846c587446c20933b5f6389622d2f90fcfaf5e084
Behavioral task
behavioral1
Sample: e7a1faa506b5a48641fd51224b4b9a5da0c39698eaa6c2f58902690ae2645196.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
svalkabomja333.hopto.org:1978
ebdf784e4c631a8b558a06107e351925
reg_key: ebdf784e4c631a8b558a06107e351925
splitter: |'|'|
Targets
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL