General
-
Target
0e94a726b6cfe94bd8de2ef6f8ef70f543ae062c02ce62179a968470ce183e8b
-
Size
207KB
-
Sample
221001-22gxzscdcp
-
MD5
03f30bb108c14dd61e8cc7283ff03540
-
SHA1
f8de8c631e4c0bce2c0fb172e073d04cafbcc977
-
SHA256
0e94a726b6cfe94bd8de2ef6f8ef70f543ae062c02ce62179a968470ce183e8b
-
SHA512
10fea7e48e877055d1abb498f3dfc22dd110a1ebab832b05e5538fcc47c3dcf8bc25516d9ac251ef33c370e019506d9d8631fc6280d388e62214165d16f90602
-
SSDEEP
3072:opc0A07hw14W+9u08t4uuQU8gd8RM9lOOQCtWnYBV7MnidGiy6Vy3BuOyFmrsds:Ip7hxhySuuQUwkQCtWk7MgQkQ5yFd
Static task
static1
Behavioral task
behavioral1
Sample
0e94a726b6cfe94bd8de2ef6f8ef70f543ae062c02ce62179a968470ce183e8b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0e94a726b6cfe94bd8de2ef6f8ef70f543ae062c02ce62179a968470ce183e8b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
biggsmall.no-ip.biz:5552
27f240735122562cdace87e6f4dc2e8b
-
reg_key
27f240735122562cdace87e6f4dc2e8b
-
splitter
|'|'|
Targets
Target
0e94a726b6cfe94bd8de2ef6f8ef70f543ae062c02ce62179a968470ce183e8b
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-