General
-
Target
f2fa9802bd004a3a349d986456b69d8ddf46133430500ce455aaab2b38df154d
-
Size
23KB
-
Sample
220520-gxhy9sgdem
-
MD5
d333f303d8e78b7fe5eaaa43637d8473
-
SHA1
a524da5844c7400c9fdaa305e34762578eeecbae
-
SHA256
f2fa9802bd004a3a349d986456b69d8ddf46133430500ce455aaab2b38df154d
-
SHA512
2838b599d7d9649f892a1f45f0003ea6b292aeca00597c18cec3e628420f7baf63c050ce3fb2980860ba32ce476e05bd9f708d3382f75e45b1c923295d54a05d
Behavioral task
behavioral1
Sample
f2fa9802bd004a3a349d986456b69d8ddf46133430500ce455aaab2b38df154d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
f2fa9802bd004a3a349d986456b69d8ddf46133430500ce455aaab2b38df154d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1604
ad050a4ca40647f4c68a5e56134a59c2
-
reg_key
ad050a4ca40647f4c68a5e56134a59c2
-
splitter
|'|'|
Targets
-
-
Target
f2fa9802bd004a3a349d986456b69d8ddf46133430500ce455aaab2b38df154d
-
Size
23KB
-
MD5
d333f303d8e78b7fe5eaaa43637d8473
-
SHA1
a524da5844c7400c9fdaa305e34762578eeecbae
-
SHA256
f2fa9802bd004a3a349d986456b69d8ddf46133430500ce455aaab2b38df154d
-
SHA512
2838b599d7d9649f892a1f45f0003ea6b292aeca00597c18cec3e628420f7baf63c050ce3fb2980860ba32ce476e05bd9f708d3382f75e45b1c923295d54a05d
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-