General
-
Target
2cf3ef9b4b6aff5b4fa53dd9a61e77fd.exe
-
Size
37KB
-
Sample
220729-gnbhtsefh3
-
MD5
2cf3ef9b4b6aff5b4fa53dd9a61e77fd
-
SHA1
b19d77793f0410c6b8fb044e573ebbfa4e9ba6f1
-
SHA256
faa2e37de4a92178dfcc4d7966f1482f32755963736a964568e6d855f054eefb
-
SHA512
5a3233ca3e8dc3a886addd8acda04ca0337e1a43760a617dc690f1b3851ef684acf51132cd07e548e566dc9c170bdd5cad48182d2bc525b6f41e231f4e19ad02
Behavioral task
behavioral1
Sample
2cf3ef9b4b6aff5b4fa53dd9a61e77fd.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
2cf3ef9b4b6aff5b4fa53dd9a61e77fd.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
im523
HacKed
2.tcp.eu.ngrok.io:16632
f635a65108320f6738abf7ac7c96edbf
-
reg_key
f635a65108320f6738abf7ac7c96edbf
-
splitter
|'|'|
Targets
-
-
Target
2cf3ef9b4b6aff5b4fa53dd9a61e77fd.exe
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-