General
-
Target
1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
-
Size
37KB
-
Sample
220520-w39fqsbhh4
-
MD5
8a3c07e101a69711eee5c4f21c4a5199
-
SHA1
86c4438cb25b6bc2e7f4b3865f809bddcd7ea096
-
SHA256
1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
-
SHA512
8b582230e9a67397fd3f36fd1b9c91331852332b27807696faf809163b6474384a6aa6c3599c96d7b6d25ee917fea962f6af8a334045103c4687f9302b8ed62e
Behavioral task
behavioral1
Sample
1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
192.168.0.12:5552
536ec81ea4d08ca810ee637d596cf35e
-
reg_key
536ec81ea4d08ca810ee637d596cf35e
-
splitter
|'|'|
Targets
-
-
Target
1c01402caca44bb88644241d8759f29b5ab70bce7640429485c1ab42d35f54b0
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-