General
-
Target
142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
-
Size
37KB
-
Sample
220520-fam42aadb4
-
MD5
01e68b10abe9efeb75603ea26c75242f
-
SHA1
5d5b45d5a08801c03c2068f753ab4a41ddf71966
-
SHA256
142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
-
SHA512
aa3fbbf3bc270ab13a087ebe954e082bfb55d9040980e2f5f8f505fbd9fec93000485cbef42dc0b62bd01207b5bae7a38e8bb0cf01285c0a57bae2dc6e863db3
Behavioral task
behavioral1
Sample
142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
z1cker.ddns.net:9219
7dd52bc3c44b5e589ee15a6885becb3e
-
reg_key
7dd52bc3c44b5e589ee15a6885becb3e
-
splitter
|'|'|
Targets
-
-
Target
142794b66b8708fa0f8dffb82a624a33abeddb22ac2a9b5442957a7aef22d841
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-