General
-
Target
svhost.bin
-
Size
27KB
-
Sample
220628-b5j9eagbh7
-
MD5
cfe17591bdd8229d4936091110b1191f
-
SHA1
9390141522e14a88464cf87e781f18914fa1bdf2
-
SHA256
94cabbd0384d2e2adc52a3b5bd915094c5b259a02224f72b405446f89e21c0f8
-
SHA512
e8cac5a9ea132a9e0dfc9d606fa87ce4e2abf1ce4aa7b1369c7fd394b7f551e858a3df39c04a8cdf5e9d9e16b1472dd314e76c80b3b72b85fa2d0f619129027c
Behavioral task
behavioral1
Sample
svhost.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
svhost.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
v2.0
HacKed
193.219.117.144:7777
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
Target
svhost.bin
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-