General
Target: 481744d8559043a22a7a164cad83799725f289b5a4bdfbf6a267df31a758c739
Size: 29KB
Sample: 220714-eyx4gadccj
MD5: 761931aa493ef696ab7a6114f5838279
SHA1: 8930277e98496bc512f7f87f6b67cb90b693fc8b
SHA256: 481744d8559043a22a7a164cad83799725f289b5a4bdfbf6a267df31a758c739
SHA512: d14742ec7bfb936396e4538821fd0df9a405939392f263e58ef669ee72f9288ae244e0ee37a00a814ba590385b320c085243fcaa5344f8c2608393d87937577f
Behavioral task: behavioral1
Sample: 481744d8559043a22a7a164cad83799725f289b5a4bdfbf6a267df31a758c739.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.6.4
love
hostmorning.no-ip.biz:1177
a0ae746fbab3868c8ea432a9f04c7d16
reg_key: a0ae746fbab3868c8ea432a9f04c7d16
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application