General
-
Target
583843ccdcc5a370bef5609fce9a3a466cedd7c8da5ad557c15082be774e4796
-
Size
23KB
-
Sample
221004-cgcebsgee5
-
MD5
60d4b514cb5ead246d90995e2d0d8c60
-
SHA1
8298077e70460b1273db1a17a113aa476015e6e9
-
SHA256
583843ccdcc5a370bef5609fce9a3a466cedd7c8da5ad557c15082be774e4796
-
SHA512
73bbf30381bc614f06adc7fd92f473b39809d19da3c336ce5f446cd8eedf189596a97c54509a97a1858e4310da165ddc49eb926742d11a905235c21bd71eb080
-
SSDEEP
384:21MKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZeF:2+W4V6+yDRpcnuB
Behavioral task
behavioral1
Sample
583843ccdcc5a370bef5609fce9a3a466cedd7c8da5ad557c15082be774e4796.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
583843ccdcc5a370bef5609fce9a3a466cedd7c8da5ad557c15082be774e4796.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
alloushketlona99.ddns.net:80
1a3f0c3b0fe6044acb0387f3a28547fb
-
reg_key
1a3f0c3b0fe6044acb0387f3a28547fb
-
splitter
|'|'|
Targets
-
-
Target
583843ccdcc5a370bef5609fce9a3a466cedd7c8da5ad557c15082be774e4796
-
Size
23KB
-
MD5
60d4b514cb5ead246d90995e2d0d8c60
-
SHA1
8298077e70460b1273db1a17a113aa476015e6e9
-
SHA256
583843ccdcc5a370bef5609fce9a3a466cedd7c8da5ad557c15082be774e4796
-
SHA512
73bbf30381bc614f06adc7fd92f473b39809d19da3c336ce5f446cd8eedf189596a97c54509a97a1858e4310da165ddc49eb926742d11a905235c21bd71eb080
-
SSDEEP
384:21MKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZeF:2+W4V6+yDRpcnuB
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-