General
-
Target
e58d01ecd88c6acb84893e0a4ecbc823cc3715770d22e1e761f9c5ec9b44d5b1
-
Size
23KB
-
Sample
220520-3jc2rabhem
-
MD5
75af76d2a53d30d3d005ed79719b0839
-
SHA1
e811f724203ec37b0ac9906349db186a190540ba
-
SHA256
e58d01ecd88c6acb84893e0a4ecbc823cc3715770d22e1e761f9c5ec9b44d5b1
-
SHA512
d512cbbe97f7a1bb6bd7744192e7b845d89544ef008cd241d22b4f69ebc9be8796388efe49a96d7d203fc994f8af8ece63f2664560a357f943db74e611c177a7
Behavioral task
behavioral1
Sample
e58d01ecd88c6acb84893e0a4ecbc823cc3715770d22e1e761f9c5ec9b44d5b1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
e58d01ecd88c6acb84893e0a4ecbc823cc3715770d22e1e761f9c5ec9b44d5b1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
tplinklocal.linkpc.net:1177
ac439180f0d27caad533e0a9c298c9a2
-
reg_key
ac439180f0d27caad533e0a9c298c9a2
-
splitter
|'|'|
Targets
Target
e58d01ecd88c6acb84893e0a4ecbc823cc3715770d22e1e761f9c5ec9b44d5b1
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-