General
Target
5d77954b4c3d9502276ef66cde1a3e173cb80de4d67752bbb68053c901b471eb
Size
23KB
Sample
220731-3cks1scfd9
MD5
2387a59ea2fd012660f4309403719829
SHA1
ba40a222616da48b91b65250e257ca3cd58ac7b3
SHA256
5d77954b4c3d9502276ef66cde1a3e173cb80de4d67752bbb68053c901b471eb
SHA512
caa43c0934955c06d0774cdfcb84badaaa5991063760c580d36383999d93873e07197a9b4cad8986136d18b3ea8c4f8afcb341bc3a6116a85ef6adc7d92dbe74
Behavioral task
behavioral1
Sample
5d77954b4c3d9502276ef66cde1a3e173cb80de4d67752bbb68053c901b471eb.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
5d77954b4c3d9502276ef66cde1a3e173cb80de4d67752bbb68053c901b471eb.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
a47829835e21230213cd017c2b4b3e4f
reg_key
a47829835e21230213cd017c2b4b3e4f
splitter
|'|'|
Targets
Score
10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application