General
Target: a6ce92c72deabf6faf87edafd72381d1daeda76db3a37b72901bdda3d2c16c4c
Size: 31KB
Sample: 220520-1nqgjaebb6
MD5: 29966f080381fc0809ec8bb75365acda
SHA1: 4f78c804d179070468fa9205c128208938163152
SHA256: a6ce92c72deabf6faf87edafd72381d1daeda76db3a37b72901bdda3d2c16c4c
SHA512: a1d6bc1388d7d3cfd4e8701a4adb4f8b725a4e7b38643459a2f50b6c797adf7c0f3ae2dadf5bccd129770b9aef2a395e7c2a3b7217543ba0a71772473e86181b
Behavioral task: behavioral1
Sample: a6ce92c72deabf6faf87edafd72381d1daeda76db3a37b72901bdda3d2c16c4c.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: a6ce92c72deabf6faf87edafd72381d1daeda76db3a37b72901bdda3d2c16c4c.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
C
41.215.240.150:7777
9bb2a2aa276f54484f6a2c361c3d59f1
reg_key: 9bb2a2aa276f54484f6a2c361c3d59f1
splitter: Y262SUCZ4UJJ
Targets
Target: a6ce92c72deabf6faf87edafd72381d1daeda76db3a37b72901bdda3d2c16c4c
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application