General
-
Target
DC5135AA461E90BCBFB73407ACD326F348505B778D9CB.exe
-
Size
37KB
-
Sample
220731-t9ylpshaf4
-
MD5
b25b97950fa6a2787ded68ff502f83ed
-
SHA1
dff29eb3973f2eff1c2eb9b0194322c4dce67d7b
-
SHA256
dc5135aa461e90bcbfb73407acd326f348505b778d9cb7c26eb1c165c0f10256
-
SHA512
949a9474257857080373e413cf32f26aece73d2991f34d87da6521d4b8068299c3c6e3f65770f7557cb2ff91013314114549996a802386558daff115e8e60f1a
Behavioral task
behavioral1
Sample
DC5135AA461E90BCBFB73407ACD326F348505B778D9CB.exe
Resource
win7-20220715-en
Malware Config
Extracted
njrat
im523
HacKed
2.tcp.eu.ngrok.io:17696
484eea14a1a847f4be40553ddc98f05f
-
reg_key
484eea14a1a847f4be40553ddc98f05f
-
splitter
|'|'|
Targets
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-