General
-
Target
a2b7067c9ed51dcf8eccb251da3bae89.exe
-
Size
37KB
-
Sample
220906-ggayqafgf7
-
MD5
a2b7067c9ed51dcf8eccb251da3bae89
-
SHA1
72dded4f4c1474804ab9508176a5587d71529d4b
-
SHA256
d3895a176b088ccea8de7ff50cabe73195a0a56bf4d32482dbc47bdcef733dc2
-
SHA512
609412d6e4147bf87cc8481c7fec9b9c39c540042879cbabc916b007942df21fcc0ed05f0cefe9e01b839ee3c9279368d4de9ccb19e1a7fe37a6bc3e82395d74
-
SSDEEP
384:snu1HCiMT3jBVbJsy8PVAbAoJvzv7QyYdbrAF+rMRTyN/0L+EcoinblneHQM3epb:0hbJP8PVsAafVYJrM+rMRa8NuIGt
Behavioral task
behavioral1
Sample
a2b7067c9ed51dcf8eccb251da3bae89.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a2b7067c9ed51dcf8eccb251da3bae89.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
im523
HACK
journal-serial.at.playit.gg:59826
6b15523b39e3dae4db6cae2a109d2d5f
-
reg_key
6b15523b39e3dae4db6cae2a109d2d5f
-
splitter
|'|'|
Targets
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-