General
-
Target
009f8928b2e3dbdaec6c166e820445d0.exe
-
Size
37KB
-
Sample
220727-g4bhrseef7
-
MD5
009f8928b2e3dbdaec6c166e820445d0
-
SHA1
ed3b5e68ab721ab7c7d6417c335fd85d3d2a1315
-
SHA256
952f0f0f9b522fd3b8f764d5a84cf23c7cfcf412eb5bce8ba48fae3e19887047
-
SHA512
3bdbb4f199e22c4b18d3533da23bfa2d1e8b3c25d7a2014e1e7cc73b860abee85083a4c047fdc48d2e1fa8cc5bdab24277bd5a3288c72629d700befcf8256506
Behavioral task
behavioral1
Sample
009f8928b2e3dbdaec6c166e820445d0.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
009f8928b2e3dbdaec6c166e820445d0.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
im523
HacKed
eidnafa522.ddns.net:5552
4a7bbceff6cedc909e9ef3cb6a805541
-
reg_key
4a7bbceff6cedc909e9ef3cb6a805541
-
splitter
|'|'|
Targets
-
-
Target
009f8928b2e3dbdaec6c166e820445d0.exe
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-