General
-
Target
5815e2a52d0329e01dd7b725079d214b
-
Size
98KB
-
Sample
220621-rt8qmaebdj
-
MD5
5815e2a52d0329e01dd7b725079d214b
-
SHA1
7a21939657d41ead3a20e9bd777b8370ca393de9
-
SHA256
96fffb7a76f1b3c9073d35f35292f987304538e1e8c7b8b234872a47c94aab0d
-
SHA512
cb43f81d887e9b192e440c8bf3626f3ecf4e89771de4c573a2c72f3096d2994e466060a667c970f4fd8f9d372c0dbda043b5304cd19f70c41fac1f6e0e296041
Static task
static1
Behavioral task
behavioral1
Sample
MgBMOjoQWC_hwstub.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MgBMOjoQWC_hwstub.js
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
bJHtVihBXX_acserver.js
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
bJHtVihBXX_acserver.js
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
sYCuOOjDOl_vjstub.js
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
sYCuOOjDOl_vjstub.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed By MustyMoney
104.168.7.110:5552
72f64d4ec723544c65ffca1cd7ba4ee6
-
reg_key
72f64d4ec723544c65ffca1cd7ba4ee6
-
splitter
|'|'|
Targets
-
-
Target
MgBMOjoQWC_hwstub.js
-
Size
51KB
-
MD5
0c7657296a9994e6446ff500bc1b76c3
-
SHA1
bfdc4584c89faa7f3356549494331ccc8497ab33
-
SHA256
692a8be00d69e5d0782766f270046aa871fea041e63d125da9e1252b135623f3
-
SHA512
8549c221d3316d3a57feb5c4bdca51ae504f5479e22b83150a9eca82fb0b5f8ef8b2aa134d2b96c5bef42a170cc7c4dc8099606f71fabcd490732f7b8926213d
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
-
-
Target
bJHtVihBXX_acserver.js
-
Size
70KB
-
MD5
3fb233467088b6906ae7ea8002352e86
-
SHA1
7f318b6db9a28e39bd0162945295f787956eba61
-
SHA256
db2525eb120cddd924084eb2d3adada700a65066f46f6c3675e47377ef09ee20
-
SHA512
e36763c44d0c1e46a986299e3499d476e6e920e8c6d8e704c832457d0ff7725dfa3f29944025a3c9b4205234e285bfdbb69c281f22e1945bcda6094488824cd2
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
-
-
Target
sYCuOOjDOl_vjstub.js
-
Size
29KB
-
MD5
dac9ed798f79a40ef59756c710f61593
-
SHA1
199bfa38a09181e9396cef4d3b29b0762c5ba987
-
SHA256
94036cd95dde4d8ec66e76a24755a15ac474c64b12e74ec87d29ff9b8a889160
-
SHA512
ec5119052e545e0246234b51777bc3a1a3a64ea0c9a3eab98b948896235bd5a49eca1616788636dc09ddd8328382f00b03e5c39139972cff2198667baf5bbcef
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-