General
-
Target
5b30914f3bb2dc4ad5fb605bc92dfc89a292020de515651ab404c29a25884f9d
-
Size
23KB
-
Sample
220802-a1jxeabfh3
-
MD5
8d2da64f6d2d389fef00162e2960c8f6
-
SHA1
1568a39f7540a3899672ba4b11d2b17024c21ecb
-
SHA256
5b30914f3bb2dc4ad5fb605bc92dfc89a292020de515651ab404c29a25884f9d
-
SHA512
41ddbab2b05dd0771d6e89ce8362a41ec96f2c6846a1cba4a7fb1dbd65825e8966d74d196900a71a53e846d92c76382e19ed7abaaf169d7720badc5c20ebe5d8
Behavioral task
behavioral1
Sample
5b30914f3bb2dc4ad5fb605bc92dfc89a292020de515651ab404c29a25884f9d.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
5b30914f3bb2dc4ad5fb605bc92dfc89a292020de515651ab404c29a25884f9d.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
njrat
0.7d
HacKed
192.30.83.230:5552
0b1143fb4c2dc7f8c57479777e842f82
-
reg_key
0b1143fb4c2dc7f8c57479777e842f82
-
splitter
|'|'|
Targets
-
-
Target
5b30914f3bb2dc4ad5fb605bc92dfc89a292020de515651ab404c29a25884f9d
-
Size
23KB
-
MD5
8d2da64f6d2d389fef00162e2960c8f6
-
SHA1
1568a39f7540a3899672ba4b11d2b17024c21ecb
-
SHA256
5b30914f3bb2dc4ad5fb605bc92dfc89a292020de515651ab404c29a25884f9d
-
SHA512
41ddbab2b05dd0771d6e89ce8362a41ec96f2c6846a1cba4a7fb1dbd65825e8966d74d196900a71a53e846d92c76382e19ed7abaaf169d7720badc5c20ebe5d8
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-