General
- Target: f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429
- Size: 935KB
- Sample: 221004-belpjsehd2
- MD5: 39155d3cb3f7297e02c78e8de64e0060
- SHA1: 3a8825b7168b837d5388f5b26b24ea950169f131
- SHA256: f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429
- SHA512: 30d2d6237964da7af8fa9b89ef2168c471f5cd9a504ca2d777bdf361b813c8be21763d89f5ad92fc9ee1e1cf1104d41ee16b75b37934fce5544977a57c82c8a4
- SSDEEP: 24576:n4t9MIPPE/RaPtUPYh31XyGb7govmIa1x3c:K0/R0tkA1fgUmIix
Static task: static1
Behavioral task: behavioral1
- Sample: f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429.exe
- Resource: win7-20220812-en
Malware Config
Extracted: njrat
- Version: 0.6.4
- Campaign ID: HacKed
- C2: mark3000011.no-ip.biz:1177
- Mutex: b5857819bb096c04134249d6f4e71934
- reg_key: b5857819bb096c04134249d6f4e71934
- splitter: |'|'|
Extracted: darkcomet
- Campaign ID: RAT
- C2: liorhadad.no-ip.info:1300
- C2: 46.116.152.219:1300
- C2: 85.64.54.170:1300
- Mutex: DC_MUTEX-69QBQR9
- gencode: 6GuJmgpzwFpe
- install: false
- offline_keylogger: true
- password: 123456s
- persistence: false
Targets
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext