General
Target: b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178
Size: 868KB
Sample: 221002-l85pmaaga2
MD5: 6344136916735c417ffd49606be4aea0
SHA1: 246bec05170515feaf08a88387beb78fe3d01df4
SHA256: b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178
SHA512: a9bce68c621d5f9affe355c2048cd4b48cc32fefc462aecae676e3ab4b3ea9fdc24f1f94400c8b4ea8a3d2f86e399916788a970ac23aa15b674236e5c26b4009
SSDEEP: 24576:c1NRQ0/S7A5SkvNYxllTRS/wibJ482oNrt27EF:c1NQMSdxNSlbN2M4C
Static task: static1
Behavioral task: behavioral1
Sample: b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178.exe
Resource: win7-20220901-en
Malware Config
Extracted
njrat
0.6.4
HacKed
mosa15.zapto.org:15
db202f2d0c993a02c48604d33df7e68f
reg_key: db202f2d0c993a02c48604d33df7e68f
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application