General
-
Target
707f38e5670df86b0ea00a0cbbb7b594.exe
-
Size
37KB
-
Sample
220813-mghw8abce5
-
MD5
707f38e5670df86b0ea00a0cbbb7b594
-
SHA1
f0d490e1a122f613046ff4936522cbc8e67eb216
-
SHA256
f6c8e6767b0b24fe9e63c575b2af73ed20801ffd538e8c4f0f3a88d4b6272e3a
-
SHA512
fa3d5a986188676886b1eb884dfa6a9976597daaf36f51bff7af5e65fca1b6d57cd2cba0c01c2a1db8ff3010e0b5700869dd0a9dbe176319c67f03faaccf5e9e
Behavioral task
behavioral1
Sample
707f38e5670df86b0ea00a0cbbb7b594.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
707f38e5670df86b0ea00a0cbbb7b594.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
im523
HacKed
2.tcp.eu.ngrok.io:12280
92d19e339a9587f8b349c631d21bc9f2
-
reg_key
92d19e339a9587f8b349c631d21bc9f2
-
splitter
|'|'|
Targets
Target
707f38e5670df86b0ea00a0cbbb7b594.exe
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-