General
Target: d7df5d8bb14f27d0772623cfe2906a8f2ba6717ec9d3f06b633e3aeee782a675
Size: 93KB
Sample: 220701-gevv4sedfk
MD5: e9d171e5b1c5efc89e580912ec391906
SHA1: 23c8855cad568a45aebeb640e42ab7254076f540
SHA256: d7df5d8bb14f27d0772623cfe2906a8f2ba6717ec9d3f06b633e3aeee782a675
SHA512: b56a7c1b605e0c8cfb6134e28ec0b8b915784677a3da7d58c635dadaa81a962d0af5a4d984c495653e9a57daee14e0d232faa85b9194b2ce87960d76cb07b7a8
Behavioral task
behavioral1
Sample: d7df5d8bb14f27d0772623cfe2906a8f2ba6717ec9d3f06b633e3aeee782a675.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOTI3LjAuFRANSESCOC4x:NTU1Mw==
17e7855137332dfa4f631e0bc88ed208
reg_key: 17e7855137332dfa4f631e0bc88ed208
splitter: |'|'|
Targets
Target: d7df5d8bb14f27d0772623cfe2906a8f2ba6717ec9d3f06b633e3aeee782a675
Disables Task Manager via registry modification
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Drops startup file
Loads dropped DLL
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.