General
-
Target
3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
-
Size
31KB
-
Sample
220521-am7fjsaec3
-
MD5
4c3fe802909235ddb4202eda5ead4d1e
-
SHA1
1e6f88ead6df2d9f1c99e037f2a6141bcf65aa59
-
SHA256
3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
-
SHA512
845c1fb3bea189e927df5b3e04eb87744eec04cabbc07d86a5760749613876858aab7a1a3bdf58973dbbc0a0f7851644c399b6771125e0ca7d5be7c1250f966d
Behavioral task
behavioral1
Sample
3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
q
192.168.1.3:7777
ad0e8fb502ecf928942daab540ba981e
-
reg_key
ad0e8fb502ecf928942daab540ba981e
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
3e49ee97714da6fdde1963624b2fdfa24a368c68a151630276b272163ce43f9d
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-