General
- Target: tmpE1B.tmp.exe
- Size: 37KB
- Sample: 220618-zqanesdgg6
- MD5: 73196f394725a9623d84a512cdddf6ce
- SHA1: 4d24d92f70b2cbce52b1b173162b8f504ee7752f
- SHA256: ee4ab4017c6e9c0883b2c1e42d0f0264f178ad2c6416e07d77169fdf94d1b1a4
- SHA512: 9c7d00237665f6a1df06217d156cbf07e499f60a7b4eb807b2df107f7392d710cb2439d524827b50492578c652ba20b81f95e4e0eee9f144330847f041971ed6
Behavioral tasks
- behavioral1: sample tmpE1B.tmp.exe, resource win7-20220414-en
- behavioral2: sample tmpE1B.tmp.exe, resource win10v2004-20220414-en
Malware Config
Extracted (field names follow the sandbox's njRAT config layout):
- Family: njrat
- Version: im523
- Botnet: NEXT
- C2: 109.197.196.135:9991
- Mutex: 413491cbe232876548b9b7cd8a1b451d
- reg_key: 413491cbe232876548b9b7cd8a1b451d
- splitter: |'|'|
Targets
- Target: tmpE1B.tmp.exe (37KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.