General
-
Target
9ff8be4e2eccb72adaaa262e44bff1a2445e759f3e284a91ca8b130ef836b4bc
-
Size
23KB
-
Sample
220701-gkljmagdc6
-
MD5
d79fa6101c38f4bbcd81d853f0aa18bb
-
SHA1
0df544e32c4b3c2f58cbd15c68af48dfb3b58200
-
SHA256
9ff8be4e2eccb72adaaa262e44bff1a2445e759f3e284a91ca8b130ef836b4bc
-
SHA512
9e4b244e0983882d9411e67a149fa32a5b1f8981dbdf004ce1358b4bb3daf7ba22483f127238d257cbab4eef3877f7876710bc53a72427f2b4ef9ce00b4dc86d
Behavioral task
behavioral1
Sample
9ff8be4e2eccb72adaaa262e44bff1a2445e759f3e284a91ca8b130ef836b4bc.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
9ff8be4e2eccb72adaaa262e44bff1a2445e759f3e284a91ca8b130ef836b4bc.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
198.169.0.1:1604
8b8cfe492ab67f57b448c0add5ef7412
-
reg_key
8b8cfe492ab67f57b448c0add5ef7412
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-