General
-
Target
e4cbce3085ca964b83c2b2b69a787264fefc77435095e847332354ebf8a3db02
-
Size
37KB
-
Sample
220520-rqy21sbbel
-
MD5
93629cc82528b6dc58a8db94912ca786
-
SHA1
c73a94cf2014605c317b433eb38d4a8f39d70aaf
-
SHA256
e4cbce3085ca964b83c2b2b69a787264fefc77435095e847332354ebf8a3db02
-
SHA512
00d0b728e31a0030f9d983f2fe36e46514f449ba96a3c034ff860f4be96e9a8e67bc4bdbff086b79474962509088032509a3e7f3cad06e32dcaaa0d3e19c7650
Behavioral task
behavioral1
Sample
e4cbce3085ca964b83c2b2b69a787264fefc77435095e847332354ebf8a3db02.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
e4cbce3085ca964b83c2b2b69a787264fefc77435095e847332354ebf8a3db02.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
95.138.242.118:6463
a719548a4e0a4b21166fca31fea3933b
-
reg_key
a719548a4e0a4b21166fca31fea3933b
-
splitter
|'|'|
Targets
-
Target
e4cbce3085ca964b83c2b2b69a787264fefc77435095e847332354ebf8a3db02
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-