General
-
Target
6a4906cdd44f4809101053fe6ca7c015ff28731134378cfbc3a6fa0da630b060
-
Size
37KB
-
Sample
220521-ac31daaae8
-
MD5
78748fb947f2e194373b0ae253e76149
-
SHA1
bc62b0381d3ad8f016eec8401ba146e6d0e1f93b
-
SHA256
6a4906cdd44f4809101053fe6ca7c015ff28731134378cfbc3a6fa0da630b060
-
SHA512
80b3bf52416b330ec1035ad04b60df70177031645f712bc13947d2d7370f872549c316b93d03c5771a4fe74b43c327a8c3297479b17825248136f37da88cd88a
Behavioral task
behavioral1
Sample
6a4906cdd44f4809101053fe6ca7c015ff28731134378cfbc3a6fa0da630b060.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6a4906cdd44f4809101053fe6ca7c015ff28731134378cfbc3a6fa0da630b060.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
Fix
25.40.195.41:5552
8f0d57ab27cee39f7599945634704174
-
reg_key
8f0d57ab27cee39f7599945634704174
-
splitter
|'|'|
Targets
-
-
Target
6a4906cdd44f4809101053fe6ca7c015ff28731134378cfbc3a6fa0da630b060
-
Size
37KB
-
MD5
78748fb947f2e194373b0ae253e76149
-
SHA1
bc62b0381d3ad8f016eec8401ba146e6d0e1f93b
-
SHA256
6a4906cdd44f4809101053fe6ca7c015ff28731134378cfbc3a6fa0da630b060
-
SHA512
80b3bf52416b330ec1035ad04b60df70177031645f712bc13947d2d7370f872549c316b93d03c5771a4fe74b43c327a8c3297479b17825248136f37da88cd88a
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-