General
-
Target
52148cddb7190817d799dc678ca7665d68eedc9d7b508a1aaabef02d01ff11e8
-
Size
23KB
-
Sample
220520-fhe4dsdefm
-
MD5
51d90aa4d055203e90cf7deb010d2641
-
SHA1
7e3ece288566355eb8e4315c361e90d6fdd99a02
-
SHA256
52148cddb7190817d799dc678ca7665d68eedc9d7b508a1aaabef02d01ff11e8
-
SHA512
b3e8a80936673ad454558d21b68932f0e3a911868e0299d1c5dd84613d68e06a586f1466921986ea8a3b97ee2e867e94115eb3787144e1be1c689be032d4ee10
Behavioral task
behavioral1
Sample
52148cddb7190817d799dc678ca7665d68eedc9d7b508a1aaabef02d01ff11e8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
52148cddb7190817d799dc678ca7665d68eedc9d7b508a1aaabef02d01ff11e8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
baddd.ddns.net:5552
fb6cbf8e13f18dda46682c220362b84f
-
reg_key
fb6cbf8e13f18dda46682c220362b84f
-
splitter
|'|'|
Targets
-
-
Target
52148cddb7190817d799dc678ca7665d68eedc9d7b508a1aaabef02d01ff11e8
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-