General
-
Target
310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976
-
Size
200KB
-
Sample
221003-btzvqaaeg9
-
MD5
66e84153d32a83fc6bddb60b67de2640
-
SHA1
730408f28dc20362eb02f683a288ae853bfd8476
-
SHA256
310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976
-
SHA512
a00d96f90610c1376832518c11b9bc2a3e9a497be6a95342788b87a6731704605fdc3bfbc2b4b2e633d5798b0dd2efa6fe53578bec9576b2c6ab5ab7e98e7437
-
SSDEEP
1536:WSotYbj6iGuhiHpabOU81c57KPCYYX5uAgqHFjdVlrO2FdvSKUxsy/bQ6Ar3:WSoabWWigOU8c7DZJrOodvTUxFVAr3
Static task
static1
Behavioral task
behavioral1
Sample
310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
ba4c12bee3027d94da5c81db2d196bfd
-
reg_key
ba4c12bee3027d94da5c81db2d196bfd
-
splitter
|'|'|
Targets
-
-
Target
310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976
-
Size
200KB
-
MD5
66e84153d32a83fc6bddb60b67de2640
-
SHA1
730408f28dc20362eb02f683a288ae853bfd8476
-
SHA256
310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976
-
SHA512
a00d96f90610c1376832518c11b9bc2a3e9a497be6a95342788b87a6731704605fdc3bfbc2b4b2e633d5798b0dd2efa6fe53578bec9576b2c6ab5ab7e98e7437
-
SSDEEP
1536:WSotYbj6iGuhiHpabOU81c57KPCYYX5uAgqHFjdVlrO2FdvSKUxsy/bQ6Ar3:WSoabWWigOU8c7DZJrOodvTUxFVAr3
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-