General
Target: a244406aded61af82eafdc4a2787e3b3.exe
Size: 532KB
Sample: 220821-v1hdssfah4
MD5: a244406aded61af82eafdc4a2787e3b3
SHA1: 55516e4bbfc339547f83af0f6d2b4d7d2ee2fffb
SHA256: 9c60cec5327db1d5b76ad0f0df924ba86efdd2fa8222a42fced271ad42aa53bb
SHA512: e4cf20b82b5eecd013de0f31b3b3c0e2daf28811b10a8bc0c4cb025d973bd5d7992671d9358cf7cffa43e6463cc44af284489e579b75e6a02be04238b35dd6cf
SSDEEP: 3072:OJ1ZUpIVx/TGP7um+aWTzm7q7Paef7kXazqn7OzDeh+PuqWDPKnmuHP7rXOPiKeo:w
Static task
static1
Behavioral task
behavioral1
Sample: a244406aded61af82eafdc4a2787e3b3.exe
Resource: win7-20220812-en
Behavioral task
behavioral2
Sample: a244406aded61af82eafdc4a2787e3b3.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
d2affd0990860fff6a059dbd50f93a64
reg_key: d2affd0990860fff6a059dbd50f93a64
splitter: |'|'|
Targets
Target: a244406aded61af82eafdc4a2787e3b3.exe
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application