General
-
Target
c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7
-
Size
144KB
-
Sample
220630-wyk8caffcr
-
MD5
246dae845a64baedbdf28b4808d143fe
-
SHA1
7d0922cee3a00006296da8ec44d26973ac9f7607
-
SHA256
c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7
-
SHA512
b87dcfe01566f7d357447257db084720f4d2793d33d69ab4346fc1358a2074983f4c4f56030e24a5d42b35119864ea6080cc9b323a6a0a9c703045c017e79bb4
Static task
static1
Behavioral task
behavioral1
Sample
c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
AB
192.168.1.205,91.224.132.173,91.224.132.173,192.168.1.205:5553
b0fcade127d50dda11e85f8a467d7a02
-
reg_key
b0fcade127d50dda11e85f8a467d7a02
-
splitter
|'|'|
Targets
-
Target
c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-