General
-
Target
ECBB3B789818591D27F1730DFB72F6021303B7B88E19A.exe
-
Size
301KB
-
Sample
220906-sklp6scbbn
-
MD5
ca67fbb1b2db6af5e9b317d60b3de797
-
SHA1
0d306f19b7b85d4f6550099231381751dee82058
-
SHA256
ecbb3b789818591d27f1730dfb72f6021303b7b88e19ac9c8dbf1366935e7af7
-
SHA512
593bb09d27dd2b9a00b23c2a04746a494c8a649c91a522e92d1e288ca85e7104acf1abff851aa65e85b12f9bba7f1e35e37df7aa144a2c9641a42098e07318ad
-
SSDEEP
768:ZNmV10bf2TKtClK1rM+rMRa8NuLptHqi:ZNmVaD6KtC8u+gRJNs
Behavioral task
behavioral1
Sample
ECBB3B789818591D27F1730DFB72F6021303B7B88E19A.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ECBB3B789818591D27F1730DFB72F6021303B7B88E19A.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.ngrok.io:13648
ef85f0aa7fc5c357737a6a24052fe823
-
reg_key
ef85f0aa7fc5c357737a6a24052fe823
-
splitter
|'|'|
Targets
-
-
Target
ECBB3B789818591D27F1730DFB72F6021303B7B88E19A.exe
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-