General
Target: 0b93343a639f39668ec6ffd35a5f2326.exe
Size: 431KB
Sample: 220727-zgewsahcfn
MD5: 0b93343a639f39668ec6ffd35a5f2326
SHA1: 457e37b470d880387e33cf0365adc7ff1b5d61bf
SHA256: 4faf94bfb4f3db31b2cdfabe38a9fb259d97f28456198994bb631b200baabb66
SHA512: 705319eed5e8a95a32b3f22565127d731a434e7670fc99b792530fbe237d7e6b7b95382ba6fccd0d1afcf03049d64cd2e4a6ed1bb5938eb8c4a22d5670111dd7
Static task: static1
Behavioral task: behavioral1
Sample: 0b93343a639f39668ec6ffd35a5f2326.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: 0b93343a639f39668ec6ffd35a5f2326.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
4c1e56ee7374309d8fa12b913734d668
reg_key: 4c1e56ee7374309d8fa12b913734d668
splitter: |'|'|
Targets
Target: 0b93343a639f39668ec6ffd35a5f2326.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application