General
-
Target
bde52e15a948a302b45b683d85bdaa0ec82688decf8f9d00847b616a75fa5cd6
-
Size
29KB
-
Sample
220520-p6tq5acfb2
-
MD5
0b87ba9858876702d052c84f27a2675e
-
SHA1
a7ce50effb4f59effc0d08d643170bae2456f954
-
SHA256
bde52e15a948a302b45b683d85bdaa0ec82688decf8f9d00847b616a75fa5cd6
-
SHA512
55bd5778a0d38f1085ba0ac49b7a3d608876974fd949ed5c452b0ce144a06c65f8fe066743369cf5ff174231bda036ce77cea175e6aee34b7420f13f09f58b36
Behavioral task
behavioral1
Sample
bde52e15a948a302b45b683d85bdaa0ec82688decf8f9d00847b616a75fa5cd6.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.6.4
HacKed
dadijinn.ddns.net:1177
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
-
Target
bde52e15a948a302b45b683d85bdaa0ec82688decf8f9d00847b616a75fa5cd6
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-