General
Target
4de84a73f90891c2671018482c913cccd62d4483627ebaaedbe0196ae1ac1841
Size
23KB
Sample
220720-x2jpcsgce4
MD5
81e650a3b9257dcd86e3df93160727c1
SHA1
e66d562839bb6b634afe5a678b9d5172c1ae617d
SHA256
4de84a73f90891c2671018482c913cccd62d4483627ebaaedbe0196ae1ac1841
SHA512
17002c5feddfdf1b63b7ac23db37ec0e775220bef829448952477299edceeed6562e376d9ec37139bedad32cf408e9616f83b2668ce07e3247077713cae98d84
Behavioral task
behavioral1
Sample
4de84a73f90891c2671018482c913cccd62d4483627ebaaedbe0196ae1ac1841.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
4de84a73f90891c2671018482c913cccd62d4483627ebaaedbe0196ae1ac1841.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
279f6960ed84a752570aca7fb2dc1552
reg_key
279f6960ed84a752570aca7fb2dc1552
splitter
|'|'|
Targets
Score
10/10

Executes dropped EXE

Modifies Windows Firewall

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application