General
-
Target
c6ab81fd77708eae16fef94c2f41305ac3ef844835c1f3ba98febfc8eb4f337e
-
Size
56KB
-
Sample
221003-a2jysshdb3
-
MD5
639712e89c4a42bc2c755a0eb221b820
-
SHA1
a14fa807b4a48c39778e7ed756334ec2d814acf4
-
SHA256
c6ab81fd77708eae16fef94c2f41305ac3ef844835c1f3ba98febfc8eb4f337e
-
SHA512
a9c87d2d300f8353e2af02abd380dae376297f297ad659c916f2a56195d6a0527b51a3ee9066783f795d634e2852ed7a92e623e14af685ebe38609b240b63a23
-
SSDEEP
384:yCINl7rZt4AgSTnd5fGmjmumqD418+eYKGBsbh0w4wlAokw9OhgOL1vYRGOZzUZL:I7v4AgMdgmjAq8XeIBKh0p29SgRGL
Behavioral task
behavioral1
Sample
c6ab81fd77708eae16fef94c2f41305ac3ef844835c1f3ba98febfc8eb4f337e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c6ab81fd77708eae16fef94c2f41305ac3ef844835c1f3ba98febfc8eb4f337e.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
mohamed-isper.ddns.net:1177
c86dde540c78abe630dfe951b22ac3e0
-
reg_key
c86dde540c78abe630dfe951b22ac3e0
-
splitter
|'|'|
Targets
-
-
Target
c6ab81fd77708eae16fef94c2f41305ac3ef844835c1f3ba98febfc8eb4f337e
-
Size
56KB
-
MD5
639712e89c4a42bc2c755a0eb221b820
-
SHA1
a14fa807b4a48c39778e7ed756334ec2d814acf4
-
SHA256
c6ab81fd77708eae16fef94c2f41305ac3ef844835c1f3ba98febfc8eb4f337e
-
SHA512
a9c87d2d300f8353e2af02abd380dae376297f297ad659c916f2a56195d6a0527b51a3ee9066783f795d634e2852ed7a92e623e14af685ebe38609b240b63a23
-
SSDEEP
384:yCINl7rZt4AgSTnd5fGmjmumqD418+eYKGBsbh0w4wlAokw9OhgOL1vYRGOZzUZL:I7v4AgMdgmjAq8XeIBKh0p29SgRGL
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-