General

Target: HEUR-Trojan.Win32.Generic-3424a8c9c995896f9d6fe3bb4a164d0d8675a781f9f9c32286a5472ce8e9e50e.exe
Size: 37KB
Sample: 220922-v91xhacba2
MD5: 5c0e12b00990af8e6a82dee0c0e09d95
SHA1: cf2be3ad4715d73a3d55c26f8eb972de163b255d
SHA256: 3424a8c9c995896f9d6fe3bb4a164d0d8675a781f9f9c32286a5472ce8e9e50e
SHA512: 2cc6d4a725e1b21d1c0e7108c7103b17d6150add109bf4d3ce964e00210c3d7880b660c6a57e9c5695316fb60490328acc252232b63196cf76598c76b70c2ed2
SSDEEP: 384:BcOmK3hUidksXR21cGMy8PIU5fHkFlacPZrAF+rMRTyN/0L+EcoinblneHQM3epY:6OmK3bLGv8PIU58KcBrM+rMRa8NubGt
Behavioral task: behavioral1
Sample: HEUR-Trojan.Win32.Generic-3424a8c9c995896f9d6fe3bb4a164d0d8675a781f9f9c32286a5472ce8e9e50e.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: HEUR-Trojan.Win32.Generic-3424a8c9c995896f9d6fe3bb4a164d0d8675a781f9f9c32286a5472ce8e9e50e.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: njrat
im523
HacKed
192.168.0.161:2478
0a477f3e02d48d76a648160656e258c9
reg_key: 0a477f3e02d48d76a648160656e258c9
splitter: |'|'|
Targets

Target: HEUR-Trojan.Win32.Generic-3424a8c9c995896f9d6fe3bb4a164d0d8675a781f9f9c32286a5472ce8e9e50e.exe
Size: 37KB
MD5: 5c0e12b00990af8e6a82dee0c0e09d95
SHA1: cf2be3ad4715d73a3d55c26f8eb972de163b255d
SHA256: 3424a8c9c995896f9d6fe3bb4a164d0d8675a781f9f9c32286a5472ce8e9e50e
SHA512: 2cc6d4a725e1b21d1c0e7108c7103b17d6150add109bf4d3ce964e00210c3d7880b660c6a57e9c5695316fb60490328acc252232b63196cf76598c76b70c2ed2
SSDEEP: 384:BcOmK3hUidksXR21cGMy8PIU5fHkFlacPZrAF+rMRTyN/0L+EcoinblneHQM3epY:6OmK3bLGv8PIU58KcBrM+rMRa8NubGt
Score: 10/10

- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.