General
Target: 792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79
Size: 93KB
Sample: 220524-1sr6xshcg5
MD5: 618baf8e7c20ee01ebddec4d8830ab71
SHA1: 5006da7e81c4b1b20607f1a201f92526c0861238
SHA256: 792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79
SHA512: 1d02345297c0fe5243674024934be9beca6cc2108bd83eb594cc82054dea117823d5f6940245438cf65e8078cdc1d64daac2b81d954e9666b84d0c4bdc7530e4

Behavioral task: behavioral1
Sample: 792d4d7a1a0c7b192b231f03ef1b2c905f382a152bfc145702f2902c9e8efc79.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
Hacker
aGFja2hvc3RuYW1lLmhvcHRvLm9yZwStrikStrik:MTk4NA==
c6941743bce17ae335bca7d6739b33d7
-
reg_key
c6941743bce17ae335bca7d6739b33d7
-
splitter
|'|'|
Targets
- Disables Task Manager via registry modification
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL