General
-
Target
tmp
-
Size
23KB
-
Sample
220831-ke41kabehk
-
MD5
4cc52b12b15e02c96fed275defa813af
-
SHA1
a35a727745e25e1b71119968d3f090dfc4c07c18
-
SHA256
db62cd044da6120e08c11b7cc41f9ac0fb160adedd1f7a3a6380713d3a305357
-
SHA512
addaa15db05d0eee7f43715406fc41ebd1dd0dc1b626d473c85c302ff541f7033dd77585912e1630e10474db212aa5d9122bb8527d9383437fba9d56e90c3676
-
SSDEEP
384:9oWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZug:i7O89p2rRpcnu4
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
20.7.14.99:5552
9636f5e673cfb8069e1ef3d1f8bc784b
-
reg_key
9636f5e673cfb8069e1ef3d1f8bc784b
-
splitter
|'|'|
Targets
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-