General
- Target: HEUR-Trojan.Win32.Generic-21f67417336481aa8cf02e4b3d4b4306ed27fd98a41d471bceabf455a6764732.exe
- Size: 93KB
- Sample: 220925-vdzdssgffp
- MD5: 22862e6f7d03b5c16fefebb80e5070c2
- SHA1: 1a3d11049829774b165287d715b55063aa0cdc7e
- SHA256: 21f67417336481aa8cf02e4b3d4b4306ed27fd98a41d471bceabf455a6764732
- SHA512: 02d4b36900fca69c33c74d7669e6df27bedf6ccd716ebfdb8a162f3b0c43bb69e4c3f95bff36cc307446353ad09985192fee7a38537cd819e085e53c2bbaf74d
- SSDEEP: 768:bY3/2/nkpjTMpALPGMtsas88EtNXhU9Y1mxCXxrjEtCdnl2pi1Rz4Rk3JsGdpVgM:S2fkVbPGHz88Eb71pjEwzGi1dD5DVgS
Behavioral task: behavioral1
- Sample: HEUR-Trojan.Win32.Generic-21f67417336481aa8cf02e4b3d4b4306ed27fd98a41d471bceabf455a6764732.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- Botnet: Hacked
- C2: cWl3YXBpdm8uZGRucy5uZXQStrik:MTE3Nw==
- Mutex: dd294006da6e1298c186045132ffa2f6
- reg_key: dd294006da6e1298c186045132ffa2f6
- splitter: |'|'|
Targets
- Target: HEUR-Trojan.Win32.Generic-21f67417336481aa8cf02e4b3d4b4306ed27fd98a41d471bceabf455a6764732.exe
- Disables Task Manager via registry modification
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.