General
Target: b05ad7a7bdeb9f4217dcf68f73817db032d55b9884f2ba69f40967af0abe218f
Size: 31KB
Sample: 220524-sxms1abfdl
MD5: 1ff8cbbd10873bd03aa7a2a8972536de
SHA1: 64bb92321f86dae87d5cd4a3deb667a0eb5b5bdd
SHA256: b05ad7a7bdeb9f4217dcf68f73817db032d55b9884f2ba69f40967af0abe218f
SHA512: 04226169bd38741c440a4956b2d3c740da06811d5aada571defec3c0cbed759ef78fce394506eaeb523014cf6ddc1672a943ee72f6c988de9c4556d30e7c373b
Behavioral task
behavioral1
Sample: b05ad7a7bdeb9f4217dcf68f73817db032d55b9884f2ba69f40967af0abe218f.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
hacker
gugu.zapto.org:6522
673a2b1b4c3514163eac4c9951b69533
reg_key: 673a2b1b4c3514163eac4c9951b69533
splitter: Y262SUCZ4UJJ
Targets
Target: b05ad7a7bdeb9f4217dcf68f73817db032d55b9884f2ba69f40967af0abe218f
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL