General
-
Target
53a7ab4ce265d3fcac3d01dbf26ed90aad89659410b885467ab9e1a8006b3974
-
Size
103KB
-
Sample
221003-cd578sbdf3
-
MD5
756f85a97b5869e6a8c7c928aeded680
-
SHA1
3e17d038b46530c97dc507e65ab0a5ad49d327c0
-
SHA256
53a7ab4ce265d3fcac3d01dbf26ed90aad89659410b885467ab9e1a8006b3974
-
SHA512
1d49fce5001608751e47f7c2f30ec75a9fa57cc909008ef45c697377d79be3ecf209d39f2d8ba3bed464e2f8c3e1d941926a78a7940f2aa654cccbae707335d9
-
SSDEEP
3072:h7L0eF0bZxjK3B/w8lrcqodTnNMlisYbPD0KTjOIJH:h7JFM+/PytdjNMzKRTK
Static task
static1
Behavioral task
behavioral1
Sample
53a7ab4ce265d3fcac3d01dbf26ed90aad89659410b885467ab9e1a8006b3974.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
53a7ab4ce265d3fcac3d01dbf26ed90aad89659410b885467ab9e1a8006b3974.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
charifo1310tok.no-ip.biz:1177
082b691d19fa812ba15934e0fd52d412
-
reg_key
082b691d19fa812ba15934e0fd52d412
-
splitter
|'|'|
Targets
-
-
Target
53a7ab4ce265d3fcac3d01dbf26ed90aad89659410b885467ab9e1a8006b3974
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-