General
-
Target
0x000600000000b2d2-55.dat
-
Size
37KB
-
Sample
220925-h9rydadge3
-
MD5
26519b81ab0c5400711598dab3492da4
-
SHA1
b28cd0ed6a3af783bddb83c2f2444902335c13a9
-
SHA256
553765cd10aca67763bfc1c158b143c34769fad1c0e826df511024ea6dce1409
-
SHA512
677fc384a8b03142fd3f9d4577b34b97b30ad430d96768c6e9d18ac9df8d3e859b77cc38e85d78e1288caa7c34fc7415e0895f8aaeeb6214527497b11e5b8e2c
-
SSDEEP
384:K0Lj99kitkZf5W9cTYXyc/jZMM6zffknvUBvrAF+rMRTyN/0L+EcoinblneHQM3a:V9qjjTYic/jW0vUxrM+rMRa8NuNxt
Behavioral task
behavioral1
Sample
0x000600000000b2d2-55.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:11177
c6e1be96541084b1f53de49f469e8523
-
reg_key
c6e1be96541084b1f53de49f469e8523
-
splitter
|'|'|
Targets
-
-
Target
0x000600000000b2d2-55.dat
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-