General
Target: d388962e41b68de23540dd2807d4eab44e96f20937dd3efca21d47e5d70da7b5
Size: 9.5MB
Sample: 220630-wj98xsfaaq
MD5: 1f85d0c1a3ebd335c279120179f08e63
SHA1: 1b2cf3fdfd62414edf4b65d2c6525c3b9ba6260a
SHA256: d388962e41b68de23540dd2807d4eab44e96f20937dd3efca21d47e5d70da7b5
SHA512: d8a80a0037d9a218d8de6f2d40c9665e92497d041919a19aa0adb44b69004bfeac61528bfe410a267151b9a878c9aeecaa4d8177cfc3c6257c6f4b15c69837ac
Static task: static1
Behavioral task: behavioral1
Sample: d388962e41b68de23540dd2807d4eab44e96f20937dd3efca21d47e5d70da7b5.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: d388962e41b68de23540dd2807d4eab44e96f20937dd3efca21d47e5d70da7b5.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
212683d986fb740ad6a40184df48e604
reg_key: 212683d986fb740ad6a40184df48e604
splitter: |'|'|
Targets
Target: d388962e41b68de23540dd2807d4eab44e96f20937dd3efca21d47e5d70da7b5
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application