General
-
Target
d673fe5c5691add5847337394303204b7e9e7a46609490ba31a924ab12d71c98
-
Size
472KB
-
Sample
221001-13n71sahbr
-
MD5
73490eea715262aa6dbc8a0b777adf30
-
SHA1
013d11b58619e035957fe8ee8ccfe35904f5011f
-
SHA256
d673fe5c5691add5847337394303204b7e9e7a46609490ba31a924ab12d71c98
-
SHA512
069bd28f7180cde99f88ca6561ed56c04f4721f22f57925d9701176406d45d2a72baa66fab040888fc9b430624d2cdf5067e860d393d42759077e587dc84398b
-
SSDEEP
12288:atD+nyKFY1iHPeugsRYgX+wCk7aszyrZ:0ynymY1iHlVOnZ
Static task
static1
Behavioral task
behavioral1
Sample
d673fe5c5691add5847337394303204b7e9e7a46609490ba31a924ab12d71c98.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d673fe5c5691add5847337394303204b7e9e7a46609490ba31a924ab12d71c98.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
blackman00000.no-ip.biz:1995
c25a09183d9a8afb0f4533b14dd064b5
-
reg_key
c25a09183d9a8afb0f4533b14dd064b5
-
splitter
|'|'|
Targets
-
-
Target
d673fe5c5691add5847337394303204b7e9e7a46609490ba31a924ab12d71c98
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-