General
-
Target
1f8797a5ea837b256d7ecf7e3cd1fed52fcbd765e91c93975a69e56781806907
-
Size
601KB
-
Sample
220625-lvambsfdgj
-
MD5
d9c8bd38f224c7a9708ea0699ea0411b
-
SHA1
81d7ef1b4ab40e8aecedfc0964498d023c398b56
-
SHA256
1f8797a5ea837b256d7ecf7e3cd1fed52fcbd765e91c93975a69e56781806907
-
SHA512
8fa732f8d262911ca152b3555a2d134fe3919d105710f1c0877c60f2524113676c27910497171ca713082041480d0173064be6666ec23b93faee2ea2933f9b8a
Static task
static1
Behavioral task
behavioral1
Sample
1f8797a5ea837b256d7ecf7e3cd1fed52fcbd765e91c93975a69e56781806907.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1f8797a5ea837b256d7ecf7e3cd1fed52fcbd765e91c93975a69e56781806907.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
134.249.177.58:1604
262f5018bfdda234f289191972a2bad6
-
reg_key
262f5018bfdda234f289191972a2bad6
-
splitter
|'|'|
Targets
-
-
Target
1f8797a5ea837b256d7ecf7e3cd1fed52fcbd765e91c93975a69e56781806907
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-