General
Target: b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa
Size: 289KB
Sample: 221001-178r8abagj
MD5: 61515ba9633ff41d3fa44d5ff837c460
SHA1: 83623fc4699e3ea9b628d1f9a5f4cdd7426c36b8
SHA256: b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa
SHA512: 234438c585b175f5d743e30692888591ea3a1a5d2b59e1e75dd49fe44173656f1bddee85b31fa27dad95f541f958f0b2f89d36b74d63de88bc683f0d68126a1f
SSDEEP: 3072:FB/o6kBWW71YYd9mE6qTW59cbX/lqmqb/9kdR4cBtVIzKkes5RPdmDwgd4Ujepq0:Y/BC5

Static task: static1
Behavioral task: behavioral1
Sample: b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa.exe
Resource: win7-20220901-en

Malware Config
Extracted
Family: njrat
Version: 0.6.4
Botnet: HACKED
C2: hasniimed.no-ip.biz:1177
Mutex: 9e07d5f15e8eb1f15f646580801c5439
reg_key: 9e07d5f15e8eb1f15f646580801c5439
splitter: |'|'|
Targets
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext