General
-
Target
46300720af3f1e740801c2f4ed8daae0092d2ff9bac6c9ce1a519bb2c9ffc967
-
Size
29KB
-
Sample
220707-lh5a6sbbcp
-
MD5
b7556751228f3ca65a01240d992a1457
-
SHA1
de70008f70f9815bdfb3bd2640783faba7b4e266
-
SHA256
46300720af3f1e740801c2f4ed8daae0092d2ff9bac6c9ce1a519bb2c9ffc967
-
SHA512
0888e3e61a6078a3c8408049394e279bbf741cd46bce9569bce3e74c6a8c733e77cc5b625ec1c89f1e66bec160eb80bf6bea59984572984195b99bc47292dd3f
Behavioral task
behavioral1
Sample
46300720af3f1e740801c2f4ed8daae0092d2ff9bac6c9ce1a519bb2c9ffc967.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
46300720af3f1e740801c2f4ed8daae0092d2ff9bac6c9ce1a519bb2c9ffc967.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.6.4
script 1
libraries.ddns.net:1666
91fde4f428bd87ae4f9f55f83c858c66
-
reg_key
91fde4f428bd87ae4f9f55f83c858c66
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-