General
-
Target
d1ccd57bb4a15797f9f98ca0c70e5a583da1059021fc653ebf1c4df52b99f66c
-
Size
23KB
-
Sample
220520-p6vcnafefn
-
MD5
2f439cad99858b8480e905754318512b
-
SHA1
36a84b10000b017fc278742b618f74099279a3b8
-
SHA256
d1ccd57bb4a15797f9f98ca0c70e5a583da1059021fc653ebf1c4df52b99f66c
-
SHA512
4fc3e6484f3f2eef9e4684794919bd746b99479e33fec0bcf29b675562a00aa11df644bc2f3a7f64341909e0ae7cb7dd9498e36ea0ae0e7b49cd955ac2adb2a2
Behavioral task
behavioral1
Sample
d1ccd57bb4a15797f9f98ca0c70e5a583da1059021fc653ebf1c4df52b99f66c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
d1ccd57bb4a15797f9f98ca0c70e5a583da1059021fc653ebf1c4df52b99f66c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
mahmoodgngn.ddns.net:5552
5d4074a49fd9ccea390001056b51d91c
-
reg_key
5d4074a49fd9ccea390001056b51d91c
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-