General
-
Target
d6e84941ce5d258a635374d5d3a35b7b50f920c9da6d2804c3469e2681c9a525
-
Size
576KB
-
Sample
221003-cdfbtachhm
-
MD5
371a9e97a6c1a198db1735eadd2ddde0
-
SHA1
3fc4f4b63e43d9219168ff80855242c68c8308c4
-
SHA256
d6e84941ce5d258a635374d5d3a35b7b50f920c9da6d2804c3469e2681c9a525
-
SHA512
f717b3c86a659921cb0a64144928f41cf975f0510a43bf4f416cf24a1d57926e77fd7244fb684ace2f8af3f9ca59646de7bbba8b7b2647d37943703a5e6a1a97
-
SSDEEP
12288:o1NbHByjm6KffQjrkQR8Lx1ahP+dmyyGlcWH:sbHgjmYj4QSLLaN+dmyyGL
Static task
static1
Behavioral task
behavioral1
Sample
d6e84941ce5d258a635374d5d3a35b7b50f920c9da6d2804c3469e2681c9a525.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d6e84941ce5d258a635374d5d3a35b7b50f920c9da6d2804c3469e2681c9a525.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
Szwaby
scamher.chickenkiller.com:55554
0391c958660a9aa52aecefa0d373bda0
-
reg_key
0391c958660a9aa52aecefa0d373bda0
-
splitter
|'|'|
Targets
-
-
Target
d6e84941ce5d258a635374d5d3a35b7b50f920c9da6d2804c3469e2681c9a525
-
Size
576KB
-
MD5
371a9e97a6c1a198db1735eadd2ddde0
-
SHA1
3fc4f4b63e43d9219168ff80855242c68c8308c4
-
SHA256
d6e84941ce5d258a635374d5d3a35b7b50f920c9da6d2804c3469e2681c9a525
-
SHA512
f717b3c86a659921cb0a64144928f41cf975f0510a43bf4f416cf24a1d57926e77fd7244fb684ace2f8af3f9ca59646de7bbba8b7b2647d37943703a5e6a1a97
-
SSDEEP
12288:o1NbHByjm6KffQjrkQR8Lx1ahP+dmyyGlcWH:sbHgjmYj4QSLLaN+dmyyGL
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-