General
-
Target
Server.bin
-
Size
93KB
-
Sample
220706-fzm6bsbbc5
-
MD5
edaf154b94f8808071e089661c89412e
-
SHA1
31b1c1eefe489f1f348002d5b01870b268b24ca0
-
SHA256
20184619a871dccba37b64770f1ce258c11b1406302b7d8f0a1c2957c4bcd393
-
SHA512
8461f866a721daf7d78e4b942f6c73a89db84edc3fdef34aa5e2fc4f5bb5d43c57bba9b7d164819cd2fd9f155e946439e9a9ab1ff9bcbc5f1dbedf406314c0ae
Static task
static1
Behavioral task
behavioral1
Sample
Server.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Server.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed By CobrA 217
Y29icmFzc3Nzc3Nzc3Nzcy5kZG5zLm5ldAStrikStrik:MTE3Nw==
3a080181c5938cd7611a562e79328fc0
-
reg_key
3a080181c5938cd7611a562e79328fc0
-
splitter
|'|'|
Targets
-
Target
Server.bin
-
Score
10/10
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-