General
Target: e9c033acb30737ae458ee872c3515294c78c74d57632cb017e505c86ddda983b
Size: 22KB
Sample: 220520-z3t8lagfam
MD5: c3db469870c1abd2c717b91ad183cc63
SHA1: ac61a6257f5b018f1d64660f29da65733eb82ab9
SHA256: e9c033acb30737ae458ee872c3515294c78c74d57632cb017e505c86ddda983b
SHA512: f751d8207a15c4a5faba9fc1d8ce0c4dc1d5dc4deaa46a734c611af6ace72b9ff0f910e1c830d5330cc364a1583c3e3becf53845ea224da16feaf6e308a5043e
Behavioral task: behavioral1
Sample: e9c033acb30737ae458ee872c3515294c78c74d57632cb017e505c86ddda983b.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: e9c033acb30737ae458ee872c3515294c78c74d57632cb017e505c86ddda983b.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
94.124.25.112:5201
8a3724e1058df3ca9d5b09a172c6a2a7
reg_key: 8a3724e1058df3ca9d5b09a172c6a2a7
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application