General
-
Target
c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1
-
Size
37KB
-
Sample
220520-3ja76abhej
-
MD5
2333a7b5b03e3fa1bd77b635e0a7f0df
-
SHA1
984a1120d48af498288e8ef09f49d8989e0d1aff
-
SHA256
c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1
-
SHA512
504063f2913ba7b1ff8dd5a0eee97f421857e1218280e59a64dc707c7e9a6ac290a58c45fcbe05ff38172e037a0994043d979f403d506273c14f86cb895a59c1
Static task
static1
Behavioral task
behavioral1
Sample
c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
хороший_чит227
127.0.0.1:5552
345d8bf41e0048532905f37e4f8e9889
-
reg_key
345d8bf41e0048532905f37e4f8e9889
-
splitter
|'|'|
Targets
-
Target
c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-