General
Target: be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
Size: 31KB
Sample: 220521-aekxksdaap
MD5: 18fd235145f8ab58e1459ca717da16f8
SHA1: feccaf6747cbcb7d4adcec37886f107ed4135597
SHA256: be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
SHA512: 0df79707f6d2b26d06c47827f8207b1c74322483676b7d7be72d28bb8bae6c54b2cef8c8ade5360fe87b6f21af0418b4bb87f0ee76ad42a2eb4e329dd3a44f45
Behavioral task: behavioral1
Sample: be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
Faust
192.168.88.12:7777
77beb3e67b10486d166a5b0f147439dc
reg_key: 77beb3e67b10486d166a5b0f147439dc
splitter: Y262SUCZ4UJJ
Targets
Target
be4e51ecca7a9cfb5ca39240ce27beea314be89af2bbf40dd4d5b2a8d3203c98
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application