General
-
Target
038e4309bfb4abdeac86b64093eeac3cce5bb1b7a22d9850c17713a3542f069a
-
Size
37KB
-
Sample
220520-fbjs1aadf2
-
MD5
145b95efd39cef2d32af0809261b788a
-
SHA1
094585413da93422445b0f7ba1eb16e42a349837
-
SHA256
038e4309bfb4abdeac86b64093eeac3cce5bb1b7a22d9850c17713a3542f069a
-
SHA512
4754164a7324ba148f817c6510c1c0f5773bab814e49be186bc2c232e2f558e19908fd50133955c7d6d70292ea6c414c76b014417e430153b6bc5f5a12ace842
Behavioral task
behavioral1
Sample
038e4309bfb4abdeac86b64093eeac3cce5bb1b7a22d9850c17713a3542f069a.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
038e4309bfb4abdeac86b64093eeac3cce5bb1b7a22d9850c17713a3542f069a.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
kamenshik222.hopto.org:1604
d36b0d643b8950fbdfbfedccba217a77
-
reg_key
d36b0d643b8950fbdfbfedccba217a77
-
splitter
|'|'|
Targets
-
-
Target
038e4309bfb4abdeac86b64093eeac3cce5bb1b7a22d9850c17713a3542f069a
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-