General
Target: a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
Size: 6.3MB
Sample: 220630-3le9wscdgq
MD5: 2d60806c673098adf08437919162e2d3
SHA1: c714e5387ce1ee35e4cd5609d6e6676614ea2047
SHA256: a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
SHA512: 84ea44515ad2a5dd26d5f2919e21f1010d341b371aec6b6f4e440abbc43d04391ec934eb329e1fa3f5d0919e4c08a9f5f990ff2a3fedc8e0698b9744d60823a1
Static task: static1
Behavioral task: behavioral1
Sample: a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
37.1.215.39:5554
f704da8f7e6285f60ed411ae6b3239bf
reg_key: f704da8f7e6285f60ed411ae6b3239bf
splitter: |'|'|
Targets
Target: a0050d14eac902beea431892446e578054c4b2ba9af94571ea024bbc3c6841ab
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application