General
-
Target
a34c9020a14d78a10b28a1784149ba7826895858cb1c9d636d56839dabb07ecf
-
Size
29KB
-
Sample
220724-sjmabagch7
-
MD5
f106bafcdab0eb37a2fc44211c364481
-
SHA1
5232f148bf6cf0b719c039f59a2096d1d7f8efa8
-
SHA256
a34c9020a14d78a10b28a1784149ba7826895858cb1c9d636d56839dabb07ecf
-
SHA512
4cf1439c110d8ae3abafcf30864ffdb101a5dbb5172c8e2b2f6cf6335004d17cdf49e9117d895731db04f2dc079efb02dbc0d203507b2ebe1dfe84ac895f0971
Behavioral task
behavioral1
Sample
a34c9020a14d78a10b28a1784149ba7826895858cb1c9d636d56839dabb07ecf.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
a34c9020a14d78a10b28a1784149ba7826895858cb1c9d636d56839dabb07ecf.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
0.6.4
HacKed
emad1987.myq-see.com:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Target
a34c9020a14d78a10b28a1784149ba7826895858cb1c9d636d56839dabb07ecf
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-