General
-
Target
bDwa.exe
-
Size
32KB
-
Sample
220713-1bwg1sbbbj
-
MD5
bf9ad1e1abe52e5430f928361959c8bc
-
SHA1
8aecc718b82defe1760162f01352c4acd00bf452
-
SHA256
87e4207c28bee760b4016fc3887fb8fb12a3985d7f491573887c55acff43cbc8
-
SHA512
5c3513f8cb575df368bdade0a13a9e63204710c5d79f0ef725131e92cfee6a582a6ddb074be8bb301376e4a90c6fdaabef622c4e9e1666d98029131de9d54b61
Behavioral task
behavioral1
Sample
bDwa.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bDwa.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
NYAN CAT
mojang.hopto.org:4444
3626e608483d42779097c5533d03bb66
-
reg_key
3626e608483d42779097c5533d03bb66
-
splitter
|'|'|
Targets
-
-
Target
bDwa.exe
-
Size
32KB
-
MD5
bf9ad1e1abe52e5430f928361959c8bc
-
SHA1
8aecc718b82defe1760162f01352c4acd00bf452
-
SHA256
87e4207c28bee760b4016fc3887fb8fb12a3985d7f491573887c55acff43cbc8
-
SHA512
5c3513f8cb575df368bdade0a13a9e63204710c5d79f0ef725131e92cfee6a582a6ddb074be8bb301376e4a90c6fdaabef622c4e9e1666d98029131de9d54b61
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-