General
-
Target
2ebdc54023ba9d9328d53df24abbbf79301e9547485c24534970670993fad571
-
Size
299KB
-
Sample
220520-3mdsfshbd9
-
MD5
b3e1737f873cf6dcc4250ae42def1309
-
SHA1
9809d9eb05cdb810ec2a4884f6955e11a912efab
-
SHA256
2ebdc54023ba9d9328d53df24abbbf79301e9547485c24534970670993fad571
-
SHA512
c4a658c5e3af03ec30712975185bb11370c3d080890447285a99702048dda6e75bd3c53c3f1f2c7bbc5decd3531433db871fab7d3b95d9f8a7a0015851618c54
Static task
static1
Behavioral task
behavioral1
Sample
2ebdc54023ba9d9328d53df24abbbf79301e9547485c24534970670993fad571.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2ebdc54023ba9d9328d53df24abbbf79301e9547485c24534970670993fad571.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
svchost.exe
192.168.0.100:1604
3f97945adf60540bc81f42cfa0c81e0c
-
reg_key
3f97945adf60540bc81f42cfa0c81e0c
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-