General
-
Target
0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
-
Size
222KB
-
Sample
221003-b2bg4aagh9
-
MD5
3bf7caf61289891504b82a61e646f580
-
SHA1
b8205a7db4641c07bf3d5bb2addf3e03df52f707
-
SHA256
0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
-
SHA512
57f8904b3005517de9db78d2680499aa40960083de812805bf5b807fd694fe2b9a2a99f589c56a60f9eb9dcbb423b434dd042aec4fd514768b4fbe827136e851
-
SSDEEP
3072:bUN4EJaRilgqZqLYmDOZN/23Qp5oviiXpIv2U2y8J:2qilPOsN/2c5otX2v2U2
Static task
static1
Behavioral task
behavioral1
Sample
0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
alimohamed90.no-ip.biz:7991
03cfa1487a94d2b11760b77d3e3b04b3
-
reg_key
03cfa1487a94d2b11760b77d3e3b04b3
-
splitter
|'|'|
Targets
-
-
Target
0988bc6b04ac4c0f8475733199f1c1c18fcada9b972a906c3d80d62d6e7d343c
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-