General
-
Target
7acc2238e4cac70d0a0aa4135ef5ab5c6a13cf2514d7b2074b87c6a25d92f730
-
Size
93KB
-
Sample
220520-2k9lnsfed9
-
MD5
5961f8f28eb6a82e0e845680a051ac34
-
SHA1
abb5ddbb8dee35184c28f816a20be7c04cee2c77
-
SHA256
7acc2238e4cac70d0a0aa4135ef5ab5c6a13cf2514d7b2074b87c6a25d92f730
-
SHA512
79562759ddeed7c57a7ddc49c5655a349d850eead64102ae24b95569c84ec3799f9a3d7fc0533bbdb8769955964863e49280a2bddb1be1c970e2d3130f646a92
Behavioral task
behavioral1
Sample
7acc2238e4cac70d0a0aa4135ef5ab5c6a13cf2514d7b2074b87c6a25d92f730.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKeD
c2VyZ28yFRANSESCOjhhdWUuaG9wdG8ub3Jn:NTU1Mg==
5b040190db9c0c0f6ade6295832a9add
-
reg_key
5b040190db9c0c0f6ade6295832a9add
-
splitter
|'|'|
Targets
-
-
Target
7acc2238e4cac70d0a0aa4135ef5ab5c6a13cf2514d7b2074b87c6a25d92f730
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-