General
-
Target
0x0006000000004ed7-55.dat
-
Size
37KB
-
Sample
220521-ttv6msabc5
-
MD5
05d1abc69e538eb3c86bfeacc33c2a10
-
SHA1
f424222562968f86d5d043cce57b1a0389061150
-
SHA256
cf37aa59e0d281f372b3801bcd62dba2dbf280d6f9edb48dc9c1565897d81918
-
SHA512
e8aa15db240a82a24e8143df79fec3356e60942df6c26ca4ea995108d9e165292679dc94ea4ff55a7831ac0a47a938c45594733e48052aabf865284229751526
Behavioral task
behavioral1
Sample
0x0006000000004ed7-55.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0x0006000000004ed7-55.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
WormRATT
178.33.93.88:1742
7869d44e9b90d6b1e669bf52c9e89c61
-
reg_key
7869d44e9b90d6b1e669bf52c9e89c61
-
splitter
|'|'|
Targets
-
-
Target
0x0006000000004ed7-55.dat
-
Size
37KB
-
MD5
05d1abc69e538eb3c86bfeacc33c2a10
-
SHA1
f424222562968f86d5d043cce57b1a0389061150
-
SHA256
cf37aa59e0d281f372b3801bcd62dba2dbf280d6f9edb48dc9c1565897d81918
-
SHA512
e8aa15db240a82a24e8143df79fec3356e60942df6c26ca4ea995108d9e165292679dc94ea4ff55a7831ac0a47a938c45594733e48052aabf865284229751526
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-