General
Target: 26dc605946143f14420cb2213b006b2f.exe
Size: 431KB
Sample: 220726-znw4mseaen
MD5: 26dc605946143f14420cb2213b006b2f
SHA1: bffb892c1ac0db6e60a06e835decf5267f42bdbc
SHA256: 69cfac4e13c63eb0cbeaad0a395102f4e54bf6712d80838bdd012385c6fb617d
SHA512: 4bddb6ab653b860c4b8f3b8e17f3f1d510e8d32145b49d6466854a90c9691997881326f2b2e84485fd8f3026c15d8e743ae8a32cf29053d3800cb2a1a17ad29b
Static task: static1
Behavioral task: behavioral1
Sample: 26dc605946143f14420cb2213b006b2f.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 26dc605946143f14420cb2213b006b2f.exe
Resource: win10v2004-20220722-en
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
4c1e56ee7374309d8fa12b913734d668
reg_key: 4c1e56ee7374309d8fa12b913734d668
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application