Resubmissions
08-09-2022 17:44  220908-wblklafbe7  3
07-09-2022 00:27  220907-arqnlaafh7  1
05-09-2022 16:52  220905-vdthjsehd3  3
05-09-2022 16:42  220905-t7p7jsegc2  7
05-09-2022 16:37  220905-t49f1sefh3  3
31-08-2022 06:37  220831-hdwlpabhc7  1
31-08-2022 06:32  220831-haw32sabhk  10
31-08-2022 05:40  220831-gcy5rahffl  10
General
-
Target
http://20.7.14.99/server/
-
Sample
220831-gcy5rahffl
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://20.7.14.99/server/
Resource
win7-20220812-en
windows7-x64
18 signatures
1800 seconds
Behavioral task
behavioral2
Sample
http://20.7.14.99/server/
Resource
win10v2004-20220812-en
windows10-2004-x64
23 signatures
1800 seconds
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
20.7.14.99:5552
Mutex
9636f5e673cfb8069e1ef3d1f8bc784b
Attributes
-
reg_key
9636f5e673cfb8069e1ef3d1f8bc784b
-
splitter
|'|'|
Targets
-
-
Target
http://20.7.14.99/server/
Score
10/10
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-