General
-
Target
Heart-Sender Priv8 Version.zip
-
Size
387KB
-
Sample
220915-j7jpnacdd4
-
MD5
a43b0ad4a3b89c94bbe85f54e9839472
-
SHA1
00aedb47137ed4a75400caea23a31797ea388d7c
-
SHA256
c30250a18d472e5c8379e8eaa939e0bf3cc87cfe991da6deba491a092afb0611
-
SHA512
e3aad6d5d5b01d203aa19b7facdccd59dc5569d22ebb6d2c6c87f60c1ec9820cdf66f0068b355386bb0a4d4229a31161cf97e16aa4d1568d0675def29ac1ab92
-
SSDEEP
12288:vYJcM8SLF5tTwvZKp7yXaJHJtjl05T9CK:vY2QLFjw0p7jJHJNl05YK
Static task
static1
Behavioral task
behavioral1
Sample
Heart-Sender Priv8 Version/Heart-Sender-V1.2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Heart-Sender Priv8 Version/Heart-Sender-V1.2.exe
Resource
win10-20220901-en
Behavioral task
behavioral3
Sample
Heart-Sender Priv8 Version/Heart-Sender-V1.2.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
newpartyfrmaap.ddns.net:7070
fb4647cd59a8f29058f4529d83344fa5
-
reg_key
fb4647cd59a8f29058f4529d83344fa5
-
splitter
|'|'|
Targets
-
-
Target
Heart-Sender Priv8 Version/Heart-Sender-V1.2.exe
-
Size
1MB
-
MD5
175d1484e55c5b6f16bff5631b92c171
-
SHA1
b11901746a8143c558877ea42dfa1221874bfba5
-
SHA256
7119d9570d888f5ffcb8f3c54d8d962fc87d83fbdd34c96b951acb3d2889777f
-
SHA512
93fa8f0b5401ef5d6069bfecec897267fae61888d82058973687bb13bcfa684d3c29249703774c889efe5ae91efda0957098f1c3fd4d7a0eccec86184104537c
-
SSDEEP
12288:+7qKAAwzaQa3lsZtsW2NH8d98AsmZF3ARZ0AsEye7Zm8TPXWP:2xJwzaQa3Pc98pmZFQ3WP
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-