General
-
Target
8f04eb500e66a053fa3e6e8a9900e94e794218253a172265c3a881db6f65faf4
-
Size
27KB
-
Sample
220920-zf3lfsecg2
-
MD5
47bea8a28b1e81e3342d594fc57acd8e
-
SHA1
d301e8985e53b7baabf9b45df087a017e3817742
-
SHA256
8f04eb500e66a053fa3e6e8a9900e94e794218253a172265c3a881db6f65faf4
-
SHA512
d5f2bfa425fa0c8d7fe2531b57ed9dbe5ca9b8bb8b7a868e39b251182446a22bcf01c3181d17b3362bc2a76b56cda1e504db2436fafbf922ee2120f76e8d00b6
-
SSDEEP
384:2LBH6uj/+AU9038hfOexuaP39hRnMYAQk93vmhm7UMKmIEecKdbXTzm9bVhcaL62:wBa0mkspJtyYA/vMHTi9bD
Behavioral task
behavioral1
Sample
8f04eb500e66a053fa3e6e8a9900e94e794218253a172265c3a881db6f65faf4.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
v4.0
HacKed
216.250.251.104:2028
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
8f04eb500e66a053fa3e6e8a9900e94e794218253a172265c3a881db6f65faf4
-
Size
27KB
-
MD5
47bea8a28b1e81e3342d594fc57acd8e
-
SHA1
d301e8985e53b7baabf9b45df087a017e3817742
-
SHA256
8f04eb500e66a053fa3e6e8a9900e94e794218253a172265c3a881db6f65faf4
-
SHA512
d5f2bfa425fa0c8d7fe2531b57ed9dbe5ca9b8bb8b7a868e39b251182446a22bcf01c3181d17b3362bc2a76b56cda1e504db2436fafbf922ee2120f76e8d00b6
-
SSDEEP
384:2LBH6uj/+AU9038hfOexuaP39hRnMYAQk93vmhm7UMKmIEecKdbXTzm9bVhcaL62:wBa0mkspJtyYA/vMHTi9bD
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-