General
-
Target
c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6
-
Size
166KB
-
Sample
221004-dsdxzaaddr
-
MD5
67883f8a4f7243bbf4f5bcd30ac0fd7d
-
SHA1
461d4783878d207900dff1043bdb5f2cdcd8165e
-
SHA256
c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6
-
SHA512
f4aeb17bd4629930d9990c6c2f2e8f33de901a1ace957799752dcbbbf73bdf11829c6d15f75f70e5977a6f23872297928b1330201aef9afc8af4f6e46e561dfe
-
SSDEEP
1536:9keWklluiIPOuaxrgJeu4a6IM8YgPAdmRUcTOZYAC1nlqCSk5kHyiWji1NL:9/XuDt4Neq
Behavioral task
behavioral1
Sample
c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-