General
  Target: 32e70cd9a91470daaa68b67e2860c74412e5f67b5cdfda1e8ba2f4b12d684dc8
  Size: 396KB
  Sample: 221003-btmv6acafq
  MD5: 02fbd7f5af1730d8ad605ebdbe7d5ed0
  SHA1: 1859b6f22073ebfc3beff869699dc6aec53da2ae
  SHA256: 32e70cd9a91470daaa68b67e2860c74412e5f67b5cdfda1e8ba2f4b12d684dc8
  SHA512: a545dad9a14bad63a65a60e65bfc9446e8ee3fdf520ddc357dd8270979849a25adf13f1eecafbbc95ae5d37a5c438de059ca0dd5a874e69182aa7e28b1f92cf3
  SSDEEP: 12288:An+roSCwiBAr+XPgM2WSO8+OXw5QDog9z:AG6wiY+XZ2E8HGQ3
Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: 32e70cd9a91470daaa68b67e2860c74412e5f67b5cdfda1e8ba2f4b12d684dc8.exe
    Resource: win7-20220901-en
  Behavioral task: behavioral2
    Sample: 32e70cd9a91470daaa68b67e2860c74412e5f67b5cdfda1e8ba2f4b12d684dc8.exe
    Resource: win10v2004-20220812-en
Malware Config
  Extracted family: njrat
  Version: 0.6.4
  Botnet: tabassss
  C2: yassineouhani.no-ip.biz:1177
  Mutex: d5a38e9b5f206c41f8851bf04a251d26
  Attributes:
    reg_key: d5a38e9b5f206c41f8851bf04a251d26
    splitter: |'|'|
Targets
  Target: 32e70cd9a91470daaa68b67e2860c74412e5f67b5cdfda1e8ba2f4b12d684dc8
  Size: 396KB
  MD5: 02fbd7f5af1730d8ad605ebdbe7d5ed0
  SHA1: 1859b6f22073ebfc3beff869699dc6aec53da2ae
  SHA256: 32e70cd9a91470daaa68b67e2860c74412e5f67b5cdfda1e8ba2f4b12d684dc8
  SHA512: a545dad9a14bad63a65a60e65bfc9446e8ee3fdf520ddc357dd8270979849a25adf13f1eecafbbc95ae5d37a5c438de059ca0dd5a874e69182aa7e28b1f92cf3
  SSDEEP: 12288:An+roSCwiBAr+XPgM2WSO8+OXw5QDog9z:AG6wiY+XZ2E8HGQ3
Score: 10/10

Signatures
  Executes dropped EXE
  Modifies Windows Firewall
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Drops startup file
  Loads dropped DLL
  Adds Run key to start application
  Suspicious use of SetThreadContext