General
-
Target
94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8
-
Size
705KB
-
Sample
220520-3pq6kacbgl
-
MD5
a417bd210ba1cac6f5583a46f717c927
-
SHA1
ff6ea4714d231b8762203740b6e1142a56fae458
-
SHA256
94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8
-
SHA512
b95085a8d5739d5cc22de84b8319cbf4d9f4aa0c2397a403e27e493be80a857f27ebeba61f856b90f55dbb938c94c2443171c5b4d7d2ec1d0817cfea7fd9f924
Static task
static1
Behavioral task
behavioral1
Sample
94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
MyBot
127.0.0.1:6522
f4dd36e85bd93926452630eb2bb82274
-
reg_key
f4dd36e85bd93926452630eb2bb82274
-
splitter
Y262SUCZ4UJJ
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-