General
-
Target
46921f04caaf575af7c2b27fe05bf0904952339c0b22577736148ce1119f966f
-
Size
61KB
-
Sample
220707-j9z5esgfdp
-
MD5
904453e88a179fcab967e54eefbf4c85
-
SHA1
36c1aa1b9cc7ddae383f244a1b7222a326f832ea
-
SHA256
46921f04caaf575af7c2b27fe05bf0904952339c0b22577736148ce1119f966f
-
SHA512
ffc68895f032c72fc6da8f6352d6ac07dedb82606ddb5b78dff24f98a87160df37e198c894e0891528ed2c2aac6c67188ec0c1f26156f34b9e5f19dde2cac3a2
Static task
static1
Behavioral task
behavioral1
Sample
46921f04caaf575af7c2b27fe05bf0904952339c0b22577736148ce1119f966f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
46921f04caaf575af7c2b27fe05bf0904952339c0b22577736148ce1119f966f.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.6.4
2018REIZAO
popup.onthewifi.com:1414
f896af4c63bc0de10b2ab6ccdbc93520
-
reg_key
f896af4c63bc0de10b2ab6ccdbc93520
-
splitter
|'|'|
Targets
-
-
Target
46921f04caaf575af7c2b27fe05bf0904952339c0b22577736148ce1119f966f
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-