General
-
Target
2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164
-
Size
23KB
-
Sample
221001-2wjvdscbar
-
MD5
575adc1e4c148afe397d3695759ce440
-
SHA1
0b41160e2743facbdd73dbaafaee41a2785fa798
-
SHA256
2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164
-
SHA512
69203ebab522c44c4bac83a8a1a01c3054000729fd2d925a7f6d54c7f3fd002623739acbda0a722d18a10011f102c19a44f193a73f3b68e269243a89012d29a0
-
SSDEEP
384:XoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZMj:w7O89p2rRpcnup
Behavioral task
behavioral1
Sample
2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
hacked
momodz.no-ip.biz:1177
a1fe58e271392148d9447041084cdb09
-
reg_key
a1fe58e271392148d9447041084cdb09
-
splitter
|'|'|
Targets
-
-
Target
2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-