General
Target: 2fe56b2f6d9a5c054b76747dd267b97d.exe
Size: 333KB
Sample: 220925-h6nfsafagj
MD5: 2fe56b2f6d9a5c054b76747dd267b97d
SHA1: 3737c981dab10ca7b676a3456315f7d59ac3f967
SHA256: 060032a96340a43e32383dbc1f8723eda945a7d1c3d2f7201b36efd3b98d858e
SHA512: 6cf11227817dae593c4e82465dc7080eca4a3767716daf47e53b55938f095349279079a0c7b7e70ed04567896517a2c06d44f540e605e5ec89f51283e6024d85
SSDEEP: 6144:H8JsLcpjzTDDmHayakLkrb4NSarQWtT+tG1Xt5ub:8zxzTDWikLSb4NS7ET+tG1XtQb
Static task: static1
Behavioral task: behavioral1
Sample: 2fe56b2f6d9a5c054b76747dd267b97d.exe
Resource: win7-20220901-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:11177
c6e1be96541084b1f53de49f469e8523
reg_key: c6e1be96541084b1f53de49f469e8523
splitter: |'|'|
Targets
Target: 2fe56b2f6d9a5c054b76747dd267b97d.exe
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL