General
-
Target
11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79
-
Size
29KB
-
Sample
221002-rje1kaabd8
-
MD5
634ab053307a90fe48245b72292180a0
-
SHA1
9f0e59ddeeffa2b280b8f3379902022179521ef2
-
SHA256
11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79
-
SHA512
f8e94ac7fe9f6b37be2e0b5262e43a8bcd76a898d6c910e0ddff38eaf58760fa258e7a17128e66e3edecc91fd8faf8be84228dcfaf6cf2fab8c0cd3520c2f6e5
-
SSDEEP
768:GrD71oGc1FRVp74q2HesBKh0p29SgRHO:kD71IPkjZKhG29jHO
Behavioral task
behavioral1
Sample
11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
feras9999.no-ip.biz:1177
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
-
Target
11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79
-
Size
29KB
-
MD5
634ab053307a90fe48245b72292180a0
-
SHA1
9f0e59ddeeffa2b280b8f3379902022179521ef2
-
SHA256
11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79
-
SHA512
f8e94ac7fe9f6b37be2e0b5262e43a8bcd76a898d6c910e0ddff38eaf58760fa258e7a17128e66e3edecc91fd8faf8be84228dcfaf6cf2fab8c0cd3520c2f6e5
-
SSDEEP
768:GrD71oGc1FRVp74q2HesBKh0p29SgRHO:kD71IPkjZKhG29jHO
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-