General
-
Target
f51a5cae5ba517e14fa1f0afbc607982c909a2945208ca8a6c2fb9930d4ad848
-
Size
29KB
-
Sample
220731-f1lc5abdbk
-
MD5
56b48e11484f9de5271ec5b299fdb2f8
-
SHA1
ee065c111bc8bf007a2f0a34db37436f1c530968
-
SHA256
f51a5cae5ba517e14fa1f0afbc607982c909a2945208ca8a6c2fb9930d4ad848
-
SHA512
dff379f4ca929dece1b9360dc02e890970c1e00a00e6c8ca5506c3e2bf0060a3f627905204a2dab715758e07328b53313b830e903d556eee5a10978203846d94
Behavioral task
behavioral1
Sample
f51a5cae5ba517e14fa1f0afbc607982c909a2945208ca8a6c2fb9930d4ad848.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
f51a5cae5ba517e14fa1f0afbc607982c909a2945208ca8a6c2fb9930d4ad848.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
0.6.4
HacKed
ddas.ddns.net:2700
664661b4c81638bcf0bec04457373cd7
-
reg_key
664661b4c81638bcf0bec04457373cd7
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-