General
-
Target
5b214ea4cc035e5375f3a6335c847dea72c5db6f8423828d0d27f7ab6ef4e0ca
-
Size
31KB
-
Sample
220520-e5axhsaae3
-
MD5
b5d21530538e7822bd6ccbf4458eb903
-
SHA1
d44b98c09eecc1358dec7378de630d9da63e5a25
-
SHA256
5b214ea4cc035e5375f3a6335c847dea72c5db6f8423828d0d27f7ab6ef4e0ca
-
SHA512
91c37315bd4372fcd24396aff2efcd018ed83e4c44a8eb4db23f1815cd2114cb9ba2e7dab5509e68edc7e596b5da9abc9173a845531838a275cecbe108388d36
Behavioral task
behavioral1
Sample
5b214ea4cc035e5375f3a6335c847dea72c5db6f8423828d0d27f7ab6ef4e0ca.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
5b214ea4cc035e5375f3a6335c847dea72c5db6f8423828d0d27f7ab6ef4e0ca.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
q
90.191.122.120:6522
255d238b748d6b3fe0502dded68c366c
-
reg_key
255d238b748d6b3fe0502dded68c366c
-
splitter
Y262SUCZ4UJJ
Targets
-
Target
5b214ea4cc035e5375f3a6335c847dea72c5db6f8423828d0d27f7ab6ef4e0ca
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-