General

Target: 468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
Size: 911KB
Sample: 220707-kclq7sbaa2
MD5: 5643f0b2bfcabcad1801cbd8037a0ead
SHA1: 32501f11788468078d43eee8b5766b297924b40a
SHA256: 468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
SHA512: 7f7b16e18a2fb871eea08664d36d07aa72fb9d090e3ec96c03068745eabb9562ec8910b061f4c9919dbdd8da185685bd82a1b19b1bf85d109d03a00d569d732e
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: njrat
Version: 0.7d
Botnet: Jan_22Xploit
C2: drkao2.publicvm.com:8577
Mutex: 8fdfddc4763d800aac6ad954e6478bcd
reg_key: 8fdfddc4763d800aac6ad954e6478bcd
splitter: |'|'|

The reg_key and mutex share one value, as is usual for njRAT 0.7d: the same string names the Run-key entry used for persistence and the mutex that stops a second copy starting. The splitter is the field delimiter in the bot's C2 protocol; together with the C2 host and port it is the most useful pivot for network detection.
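The following is an added example, not code from the sandbox report or from njRAT: a parser for njRAT 0.7d-style C2 framing, driven by the splitter, botnet ID and C2 recovered from this sample's config. njRAT sends each message as a decimal payload length, a NUL byte, then the payload, with payload fields joined by the splitter; the first field of the "ll" registration is the victim name, built as the botnet ID, an underscore and a hardware ID. The sample stream below is constructed for illustration; the host name, user name, date and hardware ID in it are invented placeholders.

```python
# Added example (not part of the sandbox report or of njRAT): parse njRAT 0.7d
# C2 framing using this sample's extracted splitter and botnet ID.
from dataclasses import dataclass
from typing import List, Optional, Tuple

SPLITTER = b"|'|'|"                 # "splitter" from the extracted config
BOTNET = "Jan_22Xploit"             # "Botnet" from the extracted config
C2 = ("drkao2.publicvm.com", 8577)  # "C2" from the extracted config


@dataclass
class Frame:
    command: str
    fields: List[str]


def encode_frame(command: bytes, *fields: bytes, splitter: bytes = SPLITTER) -> bytes:
    """Build "<decimal payload length>\\x00<payload>" with fields joined by the
    splitter. Used here only to construct sample traffic."""
    payload = splitter.join((command,) + fields)
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frame(buf: bytes, splitter: bytes = SPLITTER) -> Tuple[Optional[Frame], bytes]:
    """Pull one frame off the front of buf.

    Returns (frame, remaining_bytes). If buf does not yet hold a complete
    frame (a TCP segment boundary fell mid-message) it returns (None, buf) so
    the caller can append more data and retry. Raises ValueError when the
    prefix is not a decimal length, i.e. this is not njRAT framing."""
    nul = buf.find(b"\x00")
    if nul == -1:
        return None, buf
    prefix = buf[:nul]
    if not prefix.isdigit():
        raise ValueError(f"not an njRAT length prefix: {prefix!r}")
    length = int(prefix)
    start = nul + 1
    if len(buf) < start + length:
        return None, buf
    parts = buf[start:start + length].split(splitter)
    decoded = [p.decode("utf-8", errors="replace") for p in parts]
    return Frame(decoded[0], decoded[1:]), buf[start + length:]


def parse_stream(data: bytes, splitter: bytes = SPLITTER) -> List[Frame]:
    """Split a captured client-to-server byte stream into frames. A trailing
    partial frame is left unparsed rather than mis-split."""
    frames: List[Frame] = []
    buf = data
    while buf:
        frame, buf = parse_frame(buf, splitter)
        if frame is None:
            break
        frames.append(frame)
    return frames


def is_registration_for_botnet(frame: Frame, botnet: str = BOTNET) -> bool:
    """True for an "ll" registration whose victim name carries this sample's
    botnet ID prefix ("<botnet>_<hwid>")."""
    return (frame.command == "ll"
            and len(frame.fields) > 0
            and frame.fields[0].startswith(botnet + "_"))


# Constructed sample traffic: a registration beacon followed by a ping reply.
# Placeholder values; none of them come from the report.
SAMPLE_STREAM = (
    encode_frame(b"ll", b"Jan_22Xploit_1A2B3C4D", b"LAB-PC", b"analyst",
                 b"22-07-07", b"", b"Win 7 Ultimate SP1", b"No", b"0.7d", b"..")
    + encode_frame(b"P")
)

if __name__ == "__main__":
    for f in parse_stream(SAMPLE_STREAM):
        tag = "  <-- registration for %s" % BOTNET if is_registration_for_botnet(f) else ""
        print(f.command, f.fields, tag)
```

To use this against real traffic, feed the reassembled client-to-server TCP payload for connections to the C2 host and port to `parse_stream`; a `ValueError` on the first frame is a quick way to reject streams that are not njRAT framing, and `is_registration_for_botnet` ties a beacon to this campaign rather than to njRAT in general.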
Targets

Target: 468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
Size: 911KB
MD5 / SHA1 / SHA256 / SHA512: as listed under General
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall: consistent with njRAT's habit of adding itself as an allowed program through netsh; confirm the exact command in the process tree.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- AutoIT Executable: an AutoIT script compiled to a PE executable.
- Suspicious use of SetThreadContext: changing another process's thread context is the step process hollowing uses to redirect a suspended process into injected code; check which child process received it.