General
Target
4446e5802b8f2c80a7831169b68c5cfdd83f3b410ab81f5dbd848c134c9a82d1
Size
29KB
Sample
220707-yjes5abea7
MD5
1f8d6d7493bfebb5c801997c0800d589
SHA1
275c9c445673a7cb2dfe491268cc17ba7a138bb1
SHA256
4446e5802b8f2c80a7831169b68c5cfdd83f3b410ab81f5dbd848c134c9a82d1
SHA512
4102580b518d99d860bd19594f76b0cf82dad3be533f90118eb5b3fa6f0bc05a7d2ce46f973b99a6f5807dc08da0cca50febd10cb24c308d8d01949a80043c1c
Behavioral task
behavioral1
Sample
4446e5802b8f2c80a7831169b68c5cfdd83f3b410ab81f5dbd848c134c9a82d1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4446e5802b8f2c80a7831169b68c5cfdd83f3b410ab81f5dbd848c134c9a82d1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.6.4
hakerbatna.ddns.net:1177
55b3825ee39ada2fcddf7c7accbde69e
reg_key
55b3825ee39ada2fcddf7c7accbde69e
splitter
|'|'|
Targets
Target
4446e5802b8f2c80a7831169b68c5cfdd83f3b410ab81f5dbd848c134c9a82d1
Score 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application