General
Target: 0b3702d8be5da7b9ad650962389ac0a3623ccfbac57a27fe3230c88e66534833
Size: 23KB
Sample: 221001-22zg2acdep
MD5: 73cdd5fe67c5346241667dbea3bfd190
SHA1: f7ac6aabe77ec3138d6b06a0232b79ba19d3f9bb
SHA256: 0b3702d8be5da7b9ad650962389ac0a3623ccfbac57a27fe3230c88e66534833
SHA512: 69bbf7d4a8b49c592455fb787757f3cff5e8dbc657572d90cd54549996d9e5d0d2527dffeceec4a26d0cb39826383222fd52743a7f5491642597b8bc652ebadf
SSDEEP: 384:tMXowTH9mvaOpKYjpQE3sMYlSsLhUM0seTL3PhOdcL+khY:t9wTHgvZwOQE3sRlBViPA4dhY
Static task: static1
Behavioral task: behavioral1
Sample: 0b3702d8be5da7b9ad650962389ac0a3623ccfbac57a27fe3230c88e66534833.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 0b3702d8be5da7b9ad650962389ac0a3623ccfbac57a27fe3230c88e66534833.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
rachid3391.ddns.net:1177
808983f3a6a4ff62351f84ab1d6d7203
reg_key: 808983f3a6a4ff62351f84ab1d6d7203
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application