General
Target: 03d42b442504337342a1e4a50c1cd6e1.exe
Size: 37KB
Sample: 220810-m99weahebp
MD5: 03d42b442504337342a1e4a50c1cd6e1
SHA1: 8a9a9cb36183a30e7fc72e9202351af3ac673ea1
SHA256: 6ba6b4903ea4866951dd17956a816065f37face5a89c72d3878870c67df9ff0c
SHA512: ed65ecef63f80a4c22d4df48c44ae51b75c50f86d22c8492fe992dc6ce68e48f930f89b62afd197b8fd9e3d02e33468e10ded3d807184e0aad5c086f28bad681
Behavioral task: behavioral1
Sample: 03d42b442504337342a1e4a50c1cd6e1.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: 03d42b442504337342a1e4a50c1cd6e1.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:10809
4da733041df828afcc3b187c0133995e
reg_key: 4da733041df828afcc3b187c0133995e
splitter: |'|'|
Targets
Target: 03d42b442504337342a1e4a50c1cd6e1.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.