General
-
Target
b94c29371fee73f3606612ecb8f05bb3bd3baea5346fc2871190f5f86c60cba3
-
Size
711KB
-
Sample
221003-b7zrwabbc5
-
MD5
65850d7a846095315f2a9dd3dd637800
-
SHA1
544884f39b430caafe411538a6f42125fe1f0eef
-
SHA256
b94c29371fee73f3606612ecb8f05bb3bd3baea5346fc2871190f5f86c60cba3
-
SHA512
9a642bd43b45b588af6b35bd3ee749d0c5851de41775dc4c397fd2e7897fbf21e52ebfb7ffbf3571e89c401caa8c5d3b7b93714d9f17da72785d8ecab465b8c2
-
SSDEEP
12288:H9fqw6NEeEZaJLeO4M5r1J5gD0ce4XRiJncTL4lZWzuaUA8Dq/LZJTC0Qn7dDWK:dfqw6NEeyaJLEQJ6QceGRMnULcLU8Dq8
Static task
static1
Behavioral task
behavioral1
Sample
b94c29371fee73f3606612ecb8f05bb3bd3baea5346fc2871190f5f86c60cba3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b94c29371fee73f3606612ecb8f05bb3bd3baea5346fc2871190f5f86c60cba3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
windows_up
kixeye20071.no-ip.biz:1177
49c00edc9f4c394fe7914f370bfa072e
-
reg_key
49c00edc9f4c394fe7914f370bfa072e
-
splitter
|'|'|
Targets
Target
b94c29371fee73f3606612ecb8f05bb3bd3baea5346fc2871190f5f86c60cba3
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-