General
-
Target
c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
-
Size
168KB
-
Sample
220702-xek9nsahc2
-
MD5
0ead8bf1a82f825a23acba001fa5d8f4
-
SHA1
d53abb4494d355f6954cea7ba866588593934992
-
SHA256
c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
-
SHA512
5fda6c76bb39547844114ded578f7881fa9433d8da45d4df67c48cc17a9fce90b90c918e9cc4611b6bb86cef444cb00b11f10d219d3d1eb33f713b4741f8dc05
Static task
static1
Behavioral task
behavioral1
Sample
c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1234
cc0012ca95288ee5cb550c3649e082f9
-
reg_key
cc0012ca95288ee5cb550c3649e082f9
-
splitter
|'|'|
Targets
-
-
Target
c4906d9e92bbbb0302f3409adb459b9bc31f75282780a9a56b6bff2bc908715b
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-