General
Target: 62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
Size: 318KB
Sample: 220520-e4b37aaaa7
MD5: 01e518b7a490f6628109bd0194b6d474
SHA1: 6dc1b684f56b4d6033ee340f32d384ae16e81855
SHA256: 62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
SHA512: c2a92f79a89d8fd344dafc554482a3f032cf88ec11f898dfa17661d176f332fa5e7bfba1601fd0c4b3903bb8599eab6b36da30b68c559b58f8c366aa66ba0a89
Behavioral task: behavioral1
Sample: 62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
127.0.0.1:5552
f03548618f97651db297b397d73ec8d9
reg_key: f03548618f97651db297b397d73ec8d9
splitter: |'|'|
Targets
Target: 62788763528a89a0fcf81bf247bf5f0f9b682e9c6eaad0f3331464e9d8cff47d
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application