General
Target: 0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911
Size: 598KB
Sample: 220520-pt3s9sbgc3
MD5: 6027c5d5ba277c500fea2c1573506674
SHA1: e96a6cb09f8387df162982969c39734cf7bb1320
SHA256: 0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911
SHA512: a6dd9ff9195828c21bd3903e9730bbd15a9cbb901b4e07e0c2b1ba58679f7eacebd7967b13a63a630969168768b781963fa466665f26d879734ee50f78f55dad
Static task: static1
Behavioral task: behavioral1
Sample: 0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
Hacked By HiDDen PerSOn
178.137.210.251:5552
9fd934de9393f22478a39ad38fdd5c13
reg_key: 9fd934de9393f22478a39ad38fdd5c13
splitter: |'|'|
Targets
Target: 0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application