General
-
Target
c3204158f6385fca0f872d271655c8329c291c94074eabace8045c225ab9685c
-
Size
59KB
-
Sample
221002-k3m2ysgfc6
-
MD5
73b76081380127c9945b404a2e7cae90
-
SHA1
84ab59754437b503ff879f7508fe01ba2e546e9f
-
SHA256
c3204158f6385fca0f872d271655c8329c291c94074eabace8045c225ab9685c
-
SHA512
43fa7892f314c565b7b2bfe92dc94ed0ca29b6d5ff0cf1e4830c78d5310078b9f11b96c6b3d6d734bcb8d7c241ce71e7d054a0a6a18faa92c7f4c22571d4cda6
-
SSDEEP
768:mJv3kWdVTiSz9Wls8iQh8BvbzinvHc2JscuqvqJPnmgl5Lk5xb4VjHpAh8bDXwVU:03R8H9Js5Lk5dO6V/MJEMCK/RXQ
Static task
static1
Behavioral task
behavioral1
Sample
c3204158f6385fca0f872d271655c8329c291c94074eabace8045c225ab9685c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c3204158f6385fca0f872d271655c8329c291c94074eabace8045c225ab9685c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
directlink.no-ip.biz:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-