General
-
Target
1764-56-0x0000000000990000-0x000000000099C000-memory.dmp
-
Size
48KB
-
Sample
220913-sfa3wabffr
-
MD5
eb0765258076879bf5581ad974af3b5c
-
SHA1
2b3ad034b50b63e64570ba9b02fe90d2c554157a
-
SHA256
10ad1414ecb12a8124e67e6a8708347186e34ac7382adc683015a8b5f7403df6
-
SHA512
1651f90c320c7d2c514a63b2b8780fbb0e0fd275c3e0502bee2c78bf3541586637e6a01a620acc20d36b782631965d10da9f3943551aa0dc00c0a45f861b8bd7
-
SSDEEP
384:z+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZhDty:Mm+71d5XRpcnuuc
Behavioral task
behavioral1
Sample
1764-56-0x0000000000990000-0x000000000099C000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1764-56-0x0000000000990000-0x000000000099C000-memory.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
2.tcp.eu.ngrok.io:13002
2806cdb1ef67986308064d5873a67ad7
-
reg_key
2806cdb1ef67986308064d5873a67ad7
-
splitter
|'|'|
Targets
-
Target
1764-56-0x0000000000990000-0x000000000099C000-memory.dmp
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-