General
-
Target
0030834bf67509153237ac832bc68649.exe
-
Size
351KB
-
Sample
220813-z1eecsebck
-
MD5
0030834bf67509153237ac832bc68649
-
SHA1
1e4802307ae8e4a8c75bb384762f4cd6db676884
-
SHA256
bda545a064501623ed0031faafaad588e31bdae02dd945413873f21ecb7fd96d
-
SHA512
9a26f24a53c929c470e87469dac4ead2064524d0f85e4ea0424695b2f7e6a200256886093ed1190373281498915aecad94d74e90302444c42bc92c876e85e50d
Static task
static1
Behavioral task
behavioral1
Sample
0030834bf67509153237ac832bc68649.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0030834bf67509153237ac832bc68649.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
de691f5a23326e1eca32cf33144b3175
-
reg_key
de691f5a23326e1eca32cf33144b3175
-
splitter
|'|'|
Targets
-
-
Target
0030834bf67509153237ac832bc68649.exe
-
Size
351KB
-
MD5
0030834bf67509153237ac832bc68649
-
SHA1
1e4802307ae8e4a8c75bb384762f4cd6db676884
-
SHA256
bda545a064501623ed0031faafaad588e31bdae02dd945413873f21ecb7fd96d
-
SHA512
9a26f24a53c929c470e87469dac4ead2064524d0f85e4ea0424695b2f7e6a200256886093ed1190373281498915aecad94d74e90302444c42bc92c876e85e50d
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-