General
-
Target
21faa14a2d83f66570059b5f4bbbf65112a8d39eed501e5c50dc8ca1c726a8da
-
Size
3.5MB
-
Sample
220630-v264jsfgh8
-
MD5
0a7e10c0a1303461f988b158f5be1a0f
-
SHA1
3a1a3abe6f4676a34b2ab00201ef09d39cbf9851
-
SHA256
21faa14a2d83f66570059b5f4bbbf65112a8d39eed501e5c50dc8ca1c726a8da
-
SHA512
da75b7be2267eeaf8c3ac6ea0fb23c89cf981f8ccb58d1b26f8db834c0d500571a6a5ee7cb00df1af740f291a5e0d63c9d2c0109b7ee536bb28479c385fa04b1
Static task
static1
Behavioral task
behavioral1
Sample
21faa14a2d83f66570059b5f4bbbf65112a8d39eed501e5c50dc8ca1c726a8da.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
21faa14a2d83f66570059b5f4bbbf65112a8d39eed501e5c50dc8ca1c726a8da.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
pyhton
FRANSESCOTI3LjAuFRANSESCOC4x:OTI5MQ==
4b1517cc8c9c7814e25500e088df1ba7
-
reg_key
4b1517cc8c9c7814e25500e088df1ba7
-
splitter
|'|'|
Targets
Target
21faa14a2d83f66570059b5f4bbbf65112a8d39eed501e5c50dc8ca1c726a8da
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-