General
-
Target
18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb
-
Size
93KB
-
Sample
220731-ja71zseed9
-
MD5
bc90da2cf4aa2fdd091d4db19fdf1fc6
-
SHA1
0f20356cfe7fbbaf32c3ad726b510ced471e5f79
-
SHA256
18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb
-
SHA512
7b7c6b6d9c60e1d8ec203642a4919ce75411f49b5caac000e69818386cf800e6d34c1a5d2144e5acbee27995a064b6daaa0b74e6e2dbd8c754c7a25ecfdda88e
Behavioral task
behavioral1
Sample
18760d2630ab242b6275c7515f18b48aee0703f82be8da6a826129453d5b1fcb.exe
Resource
win7-20220715-en
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOTI3LjAuFRANSESCOC4x:MTYwNA==
f6e28e588d4960673b87689407900074
-
reg_key
f6e28e588d4960673b87689407900074
-
splitter
|'|'|
Targets
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-