General
Target: 28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c
Size: 93KB
Sample: 220708-s9zckabac9
MD5: ad5ffd5268a01b519b539f1233b52fee
SHA1: 1dde3b4a1c4b9b1ac753d649bf16f14744331e39
SHA256: 28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c
SHA512: f73539047ac22ec1e3c1dd73401116b35cb43d305229f2c3bbc1ba89f1129fd05db8cb8db4bda7c8ac4970bc07fdb578568d80aa4e1bdaec319530f31ea32bd1
Behavioral task
behavioral1
Sample: 28d9c94fe4df6182e2a59cd806837ea242dd7971a44cc6f132220ab45e3ec27c.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7d
hacker
FRANSESCOTI3LjAuFRANSESCOC4x:MTYwNA==
dfd6ed83b13338db2ca4f209d9a7474f
reg_key: dfd6ed83b13338db2ca4f209d9a7474f
splitter: |'|'|
Targets
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL