General
-
Target
b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b
-
Size
93KB
-
Sample
220731-hsvb6sdfe4
-
MD5
3ba6a42a36a167bde629b4e8dcc8ff95
-
SHA1
b49aa395634d434a84a264d50037a17281e2a9f4
-
SHA256
b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b
-
SHA512
59776c41762279b98737521b59d2c5ef8c4d3384465c061c1b041c5675ba6af0ac6f00e548d69a021a34bd903d5131e7971051b1ef34f6f3f071832767bf8503
Behavioral task
behavioral1
Sample
b964a66b64e28d8af593c38e39c2aec483d687593ebe64a04aecc5326f34b31b.exe
Resource
win7-20220715-en
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOTI3LjAuFRANSESCOC4x:MTYwNA==
6e03cdb684215a5d1cd8a13afcd46ec0
-
reg_key
6e03cdb684215a5d1cd8a13afcd46ec0
-
splitter
|'|'|
Targets
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-