General
-
Target
121df38e767b1b2b97511a9edebe0023462cba685ea27b8f8776bd2304fcfb9e
-
Size
29KB
-
Sample
220520-2vfrcagaf4
-
MD5
b4f97e12a60f4f5c9a7a70faa5a7b092
-
SHA1
a83f6c40df8f95bd7f6f09b092dc6577b8008fff
-
SHA256
121df38e767b1b2b97511a9edebe0023462cba685ea27b8f8776bd2304fcfb9e
-
SHA512
39559be30f2155a0040ea9e39edde34f6fb95d8c65efecb59887c78b5905301d4f652957b15c657f293574e4cde8d6e203bf18ef90b3d7666b61284a431ccb5c
Behavioral task
behavioral1
Sample
121df38e767b1b2b97511a9edebe0023462cba685ea27b8f8776bd2304fcfb9e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
121df38e767b1b2b97511a9edebe0023462cba685ea27b8f8776bd2304fcfb9e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.6.4
HacKed
joao2412.ddns.net:1177
81ed0e74a40ed4fe8a36a7b819c4279f
-
reg_key
81ed0e74a40ed4fe8a36a7b819c4279f
-
splitter
|'|'|
Targets
-
Target
121df38e767b1b2b97511a9edebe0023462cba685ea27b8f8776bd2304fcfb9e
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-