General
-
Target
ja.exe
-
Size
93KB
-
Sample
220704-vhy9lacdc2
-
MD5
f2321adc190e7db9b1f3b85e88f7ae54
-
SHA1
0b6126aaab291e1dbe0006411eff27789994aa78
-
SHA256
dfe4b6b4f1bda60e6870666e6e4809a8e3ee4827db737525c9313bfbc87bf5c1
-
SHA512
e07182b6653cbe64c8c1b9d533adc2a476e9490d8cecf0281f12c0187a2915301337bf3f2d96880706f9369e2adf7cb32538c1852e73ce53e1b236515569b830
Behavioral task
behavioral1
Sample
ja.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOTI3LjAuFRANSESCOC4x:NTU1Mg==
fb116b75140ecc0173c4ba46bdb8d155
-
reg_key
fb116b75140ecc0173c4ba46bdb8d155
-
splitter
|'|'|
Targets
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-