General
-
Target
c6084f38c5469e7c5395cd15ebe7ce32c63be1c37a3df55266f44c07029c42de
-
Size
23KB
-
Sample
220520-g3pc8sdge5
-
MD5
e3d0d1c17ebe317669282b73a51235b0
-
SHA1
e63afae6b1df2ffe1fac49ac1fffe14c52e10dec
-
SHA256
c6084f38c5469e7c5395cd15ebe7ce32c63be1c37a3df55266f44c07029c42de
-
SHA512
4bdde959b4d82348e4bb610f0e919bba20064fc7348a00c719387f0649596a1615a55ae5037cb0e586b5f9ce1f93454acdcc17554b1ef261aba6a7cacd2a8237
Behavioral task
behavioral1
Sample
c6084f38c5469e7c5395cd15ebe7ce32c63be1c37a3df55266f44c07029c42de.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c6084f38c5469e7c5395cd15ebe7ce32c63be1c37a3df55266f44c07029c42de.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
kryptokrypto123.ddns.net:5552
c6dfbab76abb2fb1938d3e35b1bb6f3a
-
reg_key
c6dfbab76abb2fb1938d3e35b1bb6f3a
-
splitter
|'|'|
Targets
-
-
Target
c6084f38c5469e7c5395cd15ebe7ce32c63be1c37a3df55266f44c07029c42de
-
Size
23KB
-
MD5
e3d0d1c17ebe317669282b73a51235b0
-
SHA1
e63afae6b1df2ffe1fac49ac1fffe14c52e10dec
-
SHA256
c6084f38c5469e7c5395cd15ebe7ce32c63be1c37a3df55266f44c07029c42de
-
SHA512
4bdde959b4d82348e4bb610f0e919bba20064fc7348a00c719387f0649596a1615a55ae5037cb0e586b5f9ce1f93454acdcc17554b1ef261aba6a7cacd2a8237
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-