General
-
Target
576-56-0x0000000004AC0000-0x0000000004ACC000-memory.dmp
-
Size
48KB
-
Sample
220727-zll6nahdej
-
MD5
99783c5bd31b3d6b5209a10678c0c2b5
-
SHA1
81050a9fed3607bd78fd1edc221277ec1f40ffe8
-
SHA256
a2e94e993ecb8a3859a66f31e03eea471f089925d460b7d20493faa04bcae1cc
-
SHA512
e389f6322542e610f59514a2d040384e17c0a091d8aeb4ff597ba96e4d30bbbf710c54dd32f8683dc3c8f5a71c2a4007c9f6fcd6dac15719b1ab47680e1f0a2b
Behavioral task
behavioral1
Sample
576-56-0x0000000004AC0000-0x0000000004ACC000-memory.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
576-56-0x0000000004AC0000-0x0000000004ACC000-memory.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
4c1e56ee7374309d8fa12b913734d668
-
reg_key
4c1e56ee7374309d8fa12b913734d668
-
splitter
|'|'|
Targets
-
-
Target
576-56-0x0000000004AC0000-0x0000000004ACC000-memory.dmp
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-