General
-
Target
201572ea222e3606c98da1c10781b570e75cdd1256c75eb5c0776490fe76694e
-
Size
23KB
-
Sample
220520-gvz5rsgchp
-
MD5
be031938826435311f1932068d552001
-
SHA1
b6b74fbf870c13bb08d151c8aebcca8ac9c4a048
-
SHA256
201572ea222e3606c98da1c10781b570e75cdd1256c75eb5c0776490fe76694e
-
SHA512
bb39cfef7b1cdf77f3a49aac41f46464269f7e959d2cba227519a1d23217960a3f9249ee48581ad40deed1c0597eb3e59aff5dbcd55cb33de0b1b00c6a25903a
Behavioral task
behavioral1
Sample
201572ea222e3606c98da1c10781b570e75cdd1256c75eb5c0776490fe76694e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
201572ea222e3606c98da1c10781b570e75cdd1256c75eb5c0776490fe76694e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
must123123.ddns.net:5571
2fd4177f9bfdf03e6833100ad58e5a3b
-
reg_key
2fd4177f9bfdf03e6833100ad58e5a3b
-
splitter
|'|'|
Targets
-
-
Target
201572ea222e3606c98da1c10781b570e75cdd1256c75eb5c0776490fe76694e
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-