General
-
Target
fbebd1bf86a052ff5e4540eda267776c71ad870911e53c2e5f40e8fa66f8d2b8
-
Size
181KB
-
Sample
220625-le929aegcj
-
MD5
0c9f666b100f08c29b172503c855f985
-
SHA1
20fff63d2e1afa452162f5224d7d7114e97afbf1
-
SHA256
fbebd1bf86a052ff5e4540eda267776c71ad870911e53c2e5f40e8fa66f8d2b8
-
SHA512
59f3065b4c5879c15bef58e0814249464a1e3777a800c7443073e6b96003d14c61e36956e411afaf674b245223d02cd723afcaf75c8d7fea3ee9b252859e6264
Static task
static1
Behavioral task
behavioral1
Sample
fbebd1bf86a052ff5e4540eda267776c71ad870911e53c2e5f40e8fa66f8d2b8.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
cass
107.167.244.67:31922
cf6e3f95a16ddd65e5d5ff36b6f40c8d
-
reg_key
cf6e3f95a16ddd65e5d5ff36b6f40c8d
-
splitter
|'|'|
Targets
-
-
Target
fbebd1bf86a052ff5e4540eda267776c71ad870911e53c2e5f40e8fa66f8d2b8
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-