General
Target: 56a93141da5e548bbb1b51d75c1c6eb4.exe
Size: 37KB
Sample: 220730-2ehk1abad2
MD5: 56a93141da5e548bbb1b51d75c1c6eb4
SHA1: 220b3777cd9a82fb7ec3df41fe5671afbbff48e5
SHA256: e9bf3fc00ed911d03f986e4ee8bc199835d75b2772c4089351a3e81f6a723558
SHA512: 48829aed487046290e28ab2e1e6db0f2084721e7fbf4766d148f17531dcca5fbc0e63cfdfbd9d9574a7c551320eb488e130be2f2776138abde7901bed5227abd
Behavioral task
behavioral1
Sample: 56a93141da5e548bbb1b51d75c1c6eb4.exe
Resource: win7-20220718-en
Behavioral task
behavioral2
Sample: 56a93141da5e548bbb1b51d75c1c6eb4.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.eu.ngrok.io:12180
27a24c123d1e61d690116d6e2ecb6791
reg_key: 27a24c123d1e61d690116d6e2ecb6791
splitter: |'|'|
Targets
Target: 56a93141da5e548bbb1b51d75c1c6eb4.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application