General
-
Target
28d0076db09d89709ef2d882d69aa9a171fceb3c12669b28c46e08ce64ed700e
-
Size
256KB
-
Sample
221001-y5x7laebb7
-
MD5
73bd3bdeb4a75c3ff74a7935ddac9c80
-
SHA1
6ce1bd6708038d57673a06052940f30e318ffdb1
-
SHA256
28d0076db09d89709ef2d882d69aa9a171fceb3c12669b28c46e08ce64ed700e
-
SHA512
bcad6326216c1f38f746c04b983b62935c81c61857e02a1825ad4e58d0f0d7cff4e1821c2ded20e8e81145fb6041dc7034d723030a19d18571eca5a0cbb4c4d2
-
SSDEEP
6144:RmfAQ369AGxNWJHzMK7pqfeJs4s1zLnlBX+UVes/d:RvVxN4HzLq2KxBX+AeG
Behavioral task
behavioral1
Sample
28d0076db09d89709ef2d882d69aa9a171fceb3c12669b28c46e08ce64ed700e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
28d0076db09d89709ef2d882d69aa9a171fceb3c12669b28c46e08ce64ed700e.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
win123.no-ip.biz:1177
470fceaa18ffd7ea15451e9bd351fd87
-
reg_key
470fceaa18ffd7ea15451e9bd351fd87
-
splitter
|'|'|
Targets
-
-
Target
28d0076db09d89709ef2d882d69aa9a171fceb3c12669b28c46e08ce64ed700e
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-