General
-
Target
5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
-
Size
28KB
-
Sample
220731-z6k44ahgfn
-
MD5
09d9d38a61ca864ddca8c576b9a3526f
-
SHA1
03df810dc2f1b2bfd240a6532cd36e0965fa8dc8
-
SHA256
5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
-
SHA512
ab950d0ab1567f7dac126d275797c7be2ba3b017b5c2a2cf4361dc675bd62631f6e65c5e3a37ab1d01d24fbbf085777d46be2bfe447f5cf53ad7c9a7d87b7c5b
Behavioral task
behavioral1
Sample
5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
212683d986fb740ad6a40184df48e604
-
reg_key
212683d986fb740ad6a40184df48e604
-
splitter
|'|'|
Targets
-
-
Target
5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
-
Size
28KB
-
MD5
09d9d38a61ca864ddca8c576b9a3526f
-
SHA1
03df810dc2f1b2bfd240a6532cd36e0965fa8dc8
-
SHA256
5e220b16575e55b589df04d15e2806160345f4d588bc659be5f3090919dd4be5
-
SHA512
ab950d0ab1567f7dac126d275797c7be2ba3b017b5c2a2cf4361dc675bd62631f6e65c5e3a37ab1d01d24fbbf085777d46be2bfe447f5cf53ad7c9a7d87b7c5b
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-