General
Target: 12062466a79412f3a8ed904cc159078b5f12d609ea9eee34ee62885b61e7bc08
Size: 186KB
Sample: 220521-pb49dafab8
MD5: 286be33f8178c34befd230346bf1cee1
SHA1: 2bc8aecc59fe3268bcc6551881497265c3dad53d
SHA256: 12062466a79412f3a8ed904cc159078b5f12d609ea9eee34ee62885b61e7bc08
SHA512: 4f1e82104f9f76868cfcdf6e002d5f632b8455b337ef4c6316cbba5a432214d177da19a501b91c62509370a599f2f2c2f25f46a995ce25e2aa421f8f7bd0442c

Static task: static1

Behavioral task: behavioral1
Sample: Purchase-Order.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Purchase-Order.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
njrat
0.7d
Mon$y
whmfix009.cf:5409
67c692a08f8c138aa1c442e78c2761bc
reg_key: 67c692a08f8c138aa1c442e78c2761bc
splitter: |'|'|

Targets
Target: Purchase-Order.exe
Size: 313KB
MD5: 98eef34a88d5e5764e73ef2f2fdbbe7c
SHA1: 251153d80c187d77e718520067fa103f7ff06c7f
SHA256: 84420e6ba6526a6a8ff940b6144497b346e1b0005a9ec7e686025219981d4658
SHA512: 628e6c2a859f786300fe98ed8e136a7e49d5650b7c630893534f4f6eb6d62cd4ad44c011783cbdaacbf338245454bd815af1996c2a57976c1fcb057499623be9
Score: 10/10

- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext