General
Target: c24ea2a4f56ca0eab1080f9979a3e8c57a0c8d4b7872e4eda5bb1e4f147ee7a1
Size: 23KB
Sample: 220520-wypkrsegcp
MD5: 017d58616ffe5e91e84cd5a10dc6cf5a
SHA1: 076df91663f13ad61457060661db5937d451a60c
SHA256: c24ea2a4f56ca0eab1080f9979a3e8c57a0c8d4b7872e4eda5bb1e4f147ee7a1
SHA512: 5ae5ad9459a6a43849297569024b56dd7bb8ce4cafec1e35ed9fe70e9825cb4fc2e86bae624560039286fbb76aa7b2d2c50d0bf34a2239568d0fc4a77db47979
Behavioral task
behavioral1
Sample
c24ea2a4f56ca0eab1080f9979a3e8c57a0c8d4b7872e4eda5bb1e4f147ee7a1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c24ea2a4f56ca0eab1080f9979a3e8c57a0c8d4b7872e4eda5bb1e4f147ee7a1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
bmhha.ddns.net:1604
81070cdd786421ae0d07b0841d9f8467
-
reg_key
81070cdd786421ae0d07b0841d9f8467
-
splitter
|'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application