General
-
Target
97d490053a2bc31ede84c06d265e5e239fc6d7706e502a322d4fa0c606c4d9f8
-
Size
23KB
-
Sample
220520-3b1svagfa9
-
MD5
7fe2f04ec81b88caae486d304ec170e5
-
SHA1
90fc86bce175167f13698aec80057b096f0b0455
-
SHA256
97d490053a2bc31ede84c06d265e5e239fc6d7706e502a322d4fa0c606c4d9f8
-
SHA512
ee8303a8dce8748c46af9015a9d6a8e7325fb55d3c148a6d408081db71eb09185bd27dbf20f4a23f978aeccc9501f2bd3ef446255a721da5731eeb43034fa325
Behavioral task
behavioral1
Sample
97d490053a2bc31ede84c06d265e5e239fc6d7706e502a322d4fa0c606c4d9f8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
97d490053a2bc31ede84c06d265e5e239fc6d7706e502a322d4fa0c606c4d9f8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
hacked12323.ddns.net:5552
1501914c4b5c911c0bad050b0de88e68
-
reg_key
1501914c4b5c911c0bad050b0de88e68
-
splitter
|'|'|
Targets
-
Target
97d490053a2bc31ede84c06d265e5e239fc6d7706e502a322d4fa0c606c4d9f8
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-