General
-
Target
0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
-
Size
166KB
-
Sample
221003-cl6tqsbge7
-
MD5
6c925d7f69ba47e3e8ccb2474cf74cc0
-
SHA1
24108206b07bdd746de942832535cb6de7daab29
-
SHA256
0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
-
SHA512
bf0ce52e920286a62d34aeb2f4b4d101d1d7ff565a79e79ffcc7e9d53a8446ef0b770dfd8ecad28f36d93f8f793c0066fa85a764ee38c201c29ff64912939dbc
-
SSDEEP
3072:mxkJK5AHrgLdB6Ysm6naFnhToIj6VPr6gYU58MjpAoBQDWDbnXgsXs227qJB4C6Y:ik8OHrgpysnZjEPgBMjpAornwnOJB4ZY
Behavioral task
behavioral1
Sample
0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
my22imaliassad.ddns.net:1177
6b62e27c91b6a7a477b4ea53b5b9d287
-
reg_key
6b62e27c91b6a7a477b4ea53b5b9d287
-
splitter
|'|'|
Targets
-
-
Target
0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
-
Size
166KB
-
MD5
6c925d7f69ba47e3e8ccb2474cf74cc0
-
SHA1
24108206b07bdd746de942832535cb6de7daab29
-
SHA256
0b7927369382e066477942b846cf63f548061207ccb513e60f515f191cd3ec90
-
SHA512
bf0ce52e920286a62d34aeb2f4b4d101d1d7ff565a79e79ffcc7e9d53a8446ef0b770dfd8ecad28f36d93f8f793c0066fa85a764ee38c201c29ff64912939dbc
-
SSDEEP
3072:mxkJK5AHrgLdB6Ysm6naFnhToIj6VPr6gYU58MjpAoBQDWDbnXgsXs227qJB4C6Y:ik8OHrgpysnZjEPgBMjpAornwnOJB4ZY
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-