General
-
Target
7c0ac1db102c6f2a98680c67b8438d3d674951a9ea222c8fa65d4d60d3125137
-
Size
61KB
-
Sample
221001-3dggzsbfg8
-
MD5
4342a718afd0f2b7d01f4ab7d5227b40
-
SHA1
bd2911196d29365c8a5d37e2641220231d3e950d
-
SHA256
7c0ac1db102c6f2a98680c67b8438d3d674951a9ea222c8fa65d4d60d3125137
-
SHA512
e1f850cda1fe055abe36a61fad7b4899b046e1bdebd545432fa612779791c81f714d7ae1dbc88b2261fc54a2af2a2f047c8a0a4fadce001af76aa0fd51d65723
-
SSDEEP
1536:kGGodMn63B/f+MZjNl/Vu14lZq19G5Ee:DdMnuB+oNlFyk5Ee
Static task
static1
Behavioral task
behavioral1
Sample
7c0ac1db102c6f2a98680c67b8438d3d674951a9ea222c8fa65d4d60d3125137.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7c0ac1db102c6f2a98680c67b8438d3d674951a9ea222c8fa65d4d60d3125137.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
lmarajayanzawiko.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-