General
-
Target
410bd8a58aab93ec8cadf3382e33748a7197908021be43ca8b8d09b0f1412274
-
Size
31KB
-
Sample
220521-m2xk4sche2
-
MD5
0d5a32c32c3b8bce3aa06b09f4efbfee
-
SHA1
eb931570375d3ea698435d448ca117685cea2675
-
SHA256
410bd8a58aab93ec8cadf3382e33748a7197908021be43ca8b8d09b0f1412274
-
SHA512
641764b38607f2115e3857e1e6c9cda08b04a14faac72b1f3d84c91769b8efbf576a313a1d58682b9d86653c2c0b5222b92ac1f5ab34469809893b2ebe1ef9aa
Behavioral task
behavioral1
Sample
410bd8a58aab93ec8cadf3382e33748a7197908021be43ca8b8d09b0f1412274.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
410bd8a58aab93ec8cadf3382e33748a7197908021be43ca8b8d09b0f1412274.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
MyBot
crossony228.hopto.org:6522
30daff742d5e10e337ea283839738411
-
reg_key
30daff742d5e10e337ea283839738411
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
410bd8a58aab93ec8cadf3382e33748a7197908021be43ca8b8d09b0f1412274
-
Size
31KB
-
MD5
0d5a32c32c3b8bce3aa06b09f4efbfee
-
SHA1
eb931570375d3ea698435d448ca117685cea2675
-
SHA256
410bd8a58aab93ec8cadf3382e33748a7197908021be43ca8b8d09b0f1412274
-
SHA512
641764b38607f2115e3857e1e6c9cda08b04a14faac72b1f3d84c91769b8efbf576a313a1d58682b9d86653c2c0b5222b92ac1f5ab34469809893b2ebe1ef9aa
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-