General
-
Target
3780704d28e73654b31a312c7887a202f3b28a15046d0a314f1ba0373e5362dd
-
Size
69KB
-
Sample
220520-xfxzvsfdbp
-
MD5
04ee19dcd3079ca37c8f829d2b30513f
-
SHA1
185f80cc3e7aa3ca8148bc83f240d3789d7e0706
-
SHA256
3780704d28e73654b31a312c7887a202f3b28a15046d0a314f1ba0373e5362dd
-
SHA512
1d9ed9e96d4c0ef1aae4aa6c5e5bbbb6ac11f8c8eb9369134aea962caa652469c2a35ba2a961411071bb9dfba8485fee1827f9633217d2947744261ed08a9da5
Static task
static1
Behavioral task
behavioral1
Sample
3780704d28e73654b31a312c7887a202f3b28a15046d0a314f1ba0373e5362dd.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3780704d28e73654b31a312c7887a202f3b28a15046d0a314f1ba0373e5362dd.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
testsevaer.kro.kr:6335
257e54d5487aae3e024df308f1deeed9
-
reg_key
257e54d5487aae3e024df308f1deeed9
-
splitter
|'|'|
Targets
-
Target
3780704d28e73654b31a312c7887a202f3b28a15046d0a314f1ba0373e5362dd
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-