General
Target: 4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
Size: 23KB
Sample: 220520-fpar9abac5
MD5: ca81d2d0a301e1be87468d1d01bf0d82
SHA1: aa5ce41cc6f0f38ebdca1fc594be7ac2f5e0a9ef
SHA256: 4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
SHA512: f1c662e432b334988b1cd9508f0059898ff5e48ad418478e6eceb540c1c59733f0299e0c00f0f79f4e15bda42fa12291d4140f83f0b8d1c6481c8d8b690b1231
Behavioral task: behavioral1
Sample: 4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
xloil1320.myftp.biz:1177
0e61fb5748277b13987b2a3f92ca758c
reg_key: 0e61fb5748277b13987b2a3f92ca758c
splitter: |'|'|
Targets
Target: 4c14fddc8480eaa2c22db0535dda8334452ef3d925b6ad81ded7d51471ea3de3
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application