General
-
Target
64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
-
Size
31KB
-
Sample
220520-2zjnssbcbm
-
MD5
dd372c9d6185770b04647c60b62e6b99
-
SHA1
6001109643c626a6eb97393f67447e5b7d36b862
-
SHA256
64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
-
SHA512
7feba5fa58928937296ebcfbd10744fa8aa722a2a9bb922fa821d44ad6a5d502030af86ac968a69d5a2daa9a613765f5768e3c4bce4f3bc5b44c220d767df624
Behavioral task
behavioral1
Sample
64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
Setup.exe
91.189.181.22:9297
11deb0888e327d6e5c6209f938480998
-
reg_key
11deb0888e327d6e5c6209f938480998
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
-
Size
31KB
-
MD5
dd372c9d6185770b04647c60b62e6b99
-
SHA1
6001109643c626a6eb97393f67447e5b7d36b862
-
SHA256
64cc5897fe18437a09e999e3454d03ad475e13ecba62bd58781748d78f962a69
-
SHA512
7feba5fa58928937296ebcfbd10744fa8aa722a2a9bb922fa821d44ad6a5d502030af86ac968a69d5a2daa9a613765f5768e3c4bce4f3bc5b44c220d767df624
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-