General
Target: 010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9
Size: 178KB
Sample: 220521-pc5xasfaf5
MD5: 91bbdd26320c48a2d7c61fb132f78c3a
SHA1: a886e410c1910e2823dd032143eb73c8d3e458e4
SHA256: 010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9
SHA512: a3a865ed5334c810b111fbca1da386590d8d2dedc00f2ade9c892f22845eff1ff2a6c4e59540fe5d37d970c0ac2c60fa2551be9bd3879b908da05e8620d23144
Static task: static1
Behavioral task: behavioral1
  Sample: NEW_PURCHASE_ORDER_.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: NEW_PURCHASE_ORDER_.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted:
- njrat
- 0.7d
- Mon$y
- whmfix009.cf:5409
- 67c692a08f8c138aa1c442e78c2761bc
- reg_key: 67c692a08f8c138aa1c442e78c2761bc
- splitter: |'|'|
Targets
Target: NEW_PURCHASE_ORDER_.exe
Size: 282KB
MD5: 94cd3aef83f29bb2dd6d8fe40d751603
SHA1: eb3439a00509d5e8ba99f97323cf2617d97b3106
SHA256: 0fa2721f9583ee945d3909290c0ead73dcf4e3cb5739a6f4423f3da6899fd602
SHA512: fc78829979bd284924cc752dafd47a9dd6813e59b76c9620bd18eb3fb179db66aa87584600d38e15d0637ba52f8fbd8618b2de836251ae9d0e5b0d5c61b9c0db
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext