General
-
Target
cb40874e0404dca1eaba886760c75d40a2f43be8e74f0d60a1673d6ab10657e4
-
Size
31KB
-
Sample
220520-3bycqabefq
-
MD5
d7061c770c21e951296aac82f4c25225
-
SHA1
6f56047a599f4715f39e1a70413824f96f77d9d6
-
SHA256
cb40874e0404dca1eaba886760c75d40a2f43be8e74f0d60a1673d6ab10657e4
-
SHA512
a512b1a33e620ea54cce94f532c445ba36b145c66e9279c54542bca51768de4fea90cd60222fc10209e1ac0517b031196c94ad2cb72855369642b9f91917183a
Behavioral task
behavioral1
Sample
cb40874e0404dca1eaba886760c75d40a2f43be8e74f0d60a1673d6ab10657e4.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cb40874e0404dca1eaba886760c75d40a2f43be8e74f0d60a1673d6ab10657e4.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
MineMods
212.164.65.28:7777
88f31489d5bbb2ab0990d1c34b8f8622
-
reg_key
88f31489d5bbb2ab0990d1c34b8f8622
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
cb40874e0404dca1eaba886760c75d40a2f43be8e74f0d60a1673d6ab10657e4
-
Size
31KB
-
MD5
d7061c770c21e951296aac82f4c25225
-
SHA1
6f56047a599f4715f39e1a70413824f96f77d9d6
-
SHA256
cb40874e0404dca1eaba886760c75d40a2f43be8e74f0d60a1673d6ab10657e4
-
SHA512
a512b1a33e620ea54cce94f532c445ba36b145c66e9279c54542bca51768de4fea90cd60222fc10209e1ac0517b031196c94ad2cb72855369642b9f91917183a
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-