General
-
Target
3bdc59efa34736457c7bb023c755470ef3bd29b81f733e59b2594f6373f876c3
-
Size
852KB
-
Sample
220703-ldd87afga3
-
MD5
176b5acb7e99a0f6b96e67008211a6ba
-
SHA1
3cc11249673f7d66ce36da881a461c12a435e421
-
SHA256
3bdc59efa34736457c7bb023c755470ef3bd29b81f733e59b2594f6373f876c3
-
SHA512
168744ff4454a49666092694bd2949d3bc5d50703d855077651fff3ba7be91e398d053a4fe797cdc74bfdfb52c8fa1e765bd4989ef46b47949610c5eb05ddf5a
Static task
static1
Behavioral task
behavioral1
Sample
3bdc59efa34736457c7bb023c755470ef3bd29b81f733e59b2594f6373f876c3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3bdc59efa34736457c7bb023c755470ef3bd29b81f733e59b2594f6373f876c3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.6.4
HacKed
shadowpro87.ddns.net:1177
9165950e91e4e361fa21d31cf1cfc39b
-
reg_key
9165950e91e4e361fa21d31cf1cfc39b
-
splitter
|'|'|
Targets
-
-
Target
3bdc59efa34736457c7bb023c755470ef3bd29b81f733e59b2594f6373f876c3
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-