General
-
Target
server.exe
-
Size
37KB
-
Sample
220805-sp6k5sbhcq
-
MD5
4bc8c9f0374e9e8b462ba68c3c05cbc8
-
SHA1
d23e233c019deb218dc12656b6068ed6bb1e0f09
-
SHA256
1caefcd78f2581528f9ffe0dd5e3832dff1d4cc72168716145d59ceb0388f000
-
SHA512
302068d057b831233057f3fd033f7d5a4b4fabca328ac135d637fc80119a2be938681e04951734b8078ad6a08a69dc59b279d0ae94f2db844c9a37adfcdb55d5
Malware Config
Extracted
njrat
im523
HacKed
positive-be.at.playit.gg:14456
c79c8749d02e545a8c69b1379eed97c4
-
reg_key
c79c8749d02e545a8c69b1379eed97c4
-
splitter
|'|'|
Targets
-
-
Target
server.exe
-
Size
37KB
-
MD5
4bc8c9f0374e9e8b462ba68c3c05cbc8
-
SHA1
d23e233c019deb218dc12656b6068ed6bb1e0f09
-
SHA256
1caefcd78f2581528f9ffe0dd5e3832dff1d4cc72168716145d59ceb0388f000
-
SHA512
302068d057b831233057f3fd033f7d5a4b4fabca328ac135d637fc80119a2be938681e04951734b8078ad6a08a69dc59b279d0ae94f2db844c9a37adfcdb55d5
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-