General
-
Target
2fbdf528e956b229735da90f9d8b99e591a20c69abadbe0f9c9a2bc936f5c443
-
Size
37KB
-
Sample
220630-wjjqzaehfr
-
MD5
743023f77b99de007c69bf2a5f6691d7
-
SHA1
d5f800818615f581f207a65c04ad76510724da72
-
SHA256
2fbdf528e956b229735da90f9d8b99e591a20c69abadbe0f9c9a2bc936f5c443
-
SHA512
c5ef8e5bc0e6c8df7e477679b82427ba996fe5d537a9818239ea7505cb7fac98f4803bd7be44e453af37a13f5b333c51288574dfff9d4e73930d6c18a49390e5
Static task
static1
Behavioral task
behavioral1
Sample
2fbdf528e956b229735da90f9d8b99e591a20c69abadbe0f9c9a2bc936f5c443.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2fbdf528e956b229735da90f9d8b99e591a20c69abadbe0f9c9a2bc936f5c443.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
svhost.exe
91.219.28.11:5552
4c358cdc78434d13514be8b97373756a
-
reg_key
4c358cdc78434d13514be8b97373756a
-
splitter
|'|'|
Targets
-
-
Target
2fbdf528e956b229735da90f9d8b99e591a20c69abadbe0f9c9a2bc936f5c443
-
Size
37KB
-
MD5
743023f77b99de007c69bf2a5f6691d7
-
SHA1
d5f800818615f581f207a65c04ad76510724da72
-
SHA256
2fbdf528e956b229735da90f9d8b99e591a20c69abadbe0f9c9a2bc936f5c443
-
SHA512
c5ef8e5bc0e6c8df7e477679b82427ba996fe5d537a9818239ea7505cb7fac98f4803bd7be44e453af37a13f5b333c51288574dfff9d4e73930d6c18a49390e5
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-