General
Target: 358c340b24ed844a0da24faf89d3dfbf739e22125aac4713f2e2a86b75a498fa
Size: 23KB
Sample: 220626-3vygtshcb9
MD5: 7dbf99fde466824ed54b0cad264ac49a
SHA1: 44f9ed9d10a587a9ddcaa7e351a41fa67ea0a689
SHA256: 358c340b24ed844a0da24faf89d3dfbf739e22125aac4713f2e2a86b75a498fa
SHA512: 317f37d59f6663f185173335773eb1ea280bb59a88d01e3291593d5c6b2b1c0813df083799106db4b5c34e259bf9088ee97d55af3473f6988fca972a20174c7c
Behavioral task: behavioral1
Sample: 358c340b24ed844a0da24faf89d3dfbf739e22125aac4713f2e2a86b75a498fa.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 358c340b24ed844a0da24faf89d3dfbf739e22125aac4713f2e2a86b75a498fa.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
279f6960ed84a752570aca7fb2dc1552
reg_key: 279f6960ed84a752570aca7fb2dc1552
splitter: |'|'|
Targets
Target: 358c340b24ed844a0da24faf89d3dfbf739e22125aac4713f2e2a86b75a498fa
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application