General
-
Target
38df39b8f59e65ddfc8558b554ed8449815e2a1da263911f5fa5adc610101ae5
-
Size
212KB
-
Sample
220625-xa4kfshge9
-
MD5
b6fb59b629ff7361ca59bc57d44b3ffe
-
SHA1
24ffe3043b12a6db42cae02a6f46e213e3012fce
-
SHA256
38df39b8f59e65ddfc8558b554ed8449815e2a1da263911f5fa5adc610101ae5
-
SHA512
a6b9c88f3caa11e255a7f13fb4eb59d3668e6814e86aa5b8f97a86728a856d8e748561ea717add208ab7cd1af438ae88c7959b856c54da0f67cb725e26319dec
Static task
static1
Behavioral task
behavioral1
Sample
38df39b8f59e65ddfc8558b554ed8449815e2a1da263911f5fa5adc610101ae5.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
38df39b8f59e65ddfc8558b554ed8449815e2a1da263911f5fa5adc610101ae5.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
Money$Bea$t
mailsdc61.ga:5490
efc8d3c97ca9383f77f8c3938dbe8fdd
-
reg_key
efc8d3c97ca9383f77f8c3938dbe8fdd
-
splitter
|'|'|
Targets
Target
38df39b8f59e65ddfc8558b554ed8449815e2a1da263911f5fa5adc610101ae5
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-