General
Target: ad53faff462d7da469c5c70b622482d9c59d2b5d14299f10e49b625a8dcaeba7
Size: 23KB
Sample: 220520-p6vy7acfb3
MD5: 8cece45770d4bef48d2d9d40d952b8b1
SHA1: 05e4490195ea8d342809cf96b439ce54d927b3bb
SHA256: ad53faff462d7da469c5c70b622482d9c59d2b5d14299f10e49b625a8dcaeba7
SHA512: f73f091f0c3306fa12f0c5bf3f988741d38b8d9e7123d9fb8d75306321b740e2078b9666bc0158193f8cfed231d229c35c54aa913f030f63b4aef8cf2fd1a4ce
Behavioral task: behavioral1
Sample: ad53faff462d7da469c5c70b622482d9c59d2b5d14299f10e49b625a8dcaeba7.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
rattedlmao.ddns.net:5555
9dc16129f7613d89723d715b6ad058d3
reg_key: 9dc16129f7613d89723d715b6ad058d3
splitter: |'|'|
Targets
Target: ad53faff462d7da469c5c70b622482d9c59d2b5d14299f10e49b625a8dcaeba7
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application