General
-
Target
36052b2e4d58145d7ea60045bdd5afc10dc168eb9451ef2029511cd929b68944
-
Size
29KB
-
Sample
220626-1853qacfcr
-
MD5
13f58dfd117d898323b225c0a5ccc5f4
-
SHA1
ef333f79c99d1ea871bfa2d25492f205643f589b
-
SHA256
36052b2e4d58145d7ea60045bdd5afc10dc168eb9451ef2029511cd929b68944
-
SHA512
49637dd7084ae38654d876b000590aca768a4098a159b9b0196580c91494fb534c4e07478740611814288e7a7bd5bdff62691ebc43efd76d8928fc7225cbe763
Behavioral task
behavioral1
Sample
36052b2e4d58145d7ea60045bdd5afc10dc168eb9451ef2029511cd929b68944.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
36052b2e4d58145d7ea60045bdd5afc10dc168eb9451ef2029511cd929b68944
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-