General
Target: bd6a7a95b6a622700a3b3227c5d501024635a23040a1a8c2d57bd297e40283de
Size: 330KB
Sample: 220630-v5pzfagac7
MD5: d9efea40f55230d9a7ef1abf4ec714f9
SHA1: e85bae111eb20c2f2274f082a3db5130dd432c52
SHA256: bd6a7a95b6a622700a3b3227c5d501024635a23040a1a8c2d57bd297e40283de
SHA512: 78ec965786df90216ce25fc54af0f018147c853280d0e209a73fecf90924fc9d5f8a13f4ff76632d5a993fb47eac75f614708a84732df6e3101f3b8ac893b6b6
Static task: static1
Behavioral task: behavioral1
Sample: bd6a7a95b6a622700a3b3227c5d501024635a23040a1a8c2d57bd297e40283de.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: bd6a7a95b6a622700a3b3227c5d501024635a23040a1a8c2d57bd297e40283de.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
lusika.ddns.net:4546
7287e911ef603f275a9cc4b3d587d24a
reg_key: 7287e911ef603f275a9cc4b3d587d24a
splitter: |'|'|
Targets
Target: bd6a7a95b6a622700a3b3227c5d501024635a23040a1a8c2d57bd297e40283de
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application