General
Target: 2e9f3938406a55b2c4d7f260df0bcc1bd4824d762a6864332c2ab40256cdeb44
Size: 265KB
Sample: 221013-3pjfqabcck
MD5: 651d5e0fa9831d092405b3ba6df39630
SHA1: 520b5f8065faf48f5be9cd12b6790a5d08f24a30
SHA256: 2e9f3938406a55b2c4d7f260df0bcc1bd4824d762a6864332c2ab40256cdeb44
SHA512: 2b27f11458d71210cd119eb879ec5280a5711bb379c9d8eb28d39892ed007c2f0e92dcb18234b581111a81abd2c1ceb98cccac6bf15b57bef784b237c7e2507f
SSDEEP: 6144:lz+92mhAMJ/cPl3it8jT1cACTfgjdkA3Hj+6iTHpK1MiIa+HzS:lK2mhAMJ/cPlAK1kfgjdkA30K1MigH+
Static task: static1
Behavioral task: behavioral1
Sample: 2e9f3938406a55b2c4d7f260df0bcc1bd4824d762a6864332c2ab40256cdeb44.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2e9f3938406a55b2c4d7f260df0bcc1bd4824d762a6864332c2ab40256cdeb44.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: njrat 0.6.4
H
tmeemwtr68.no-ip.biz:1168
8fec47ea2031d7c684beb0d0a36361b8
reg_key: 8fec47ea2031d7c684beb0d0a36361b8
splitter: |'|'|
Targets
Target: 2e9f3938406a55b2c4d7f260df0bcc1bd4824d762a6864332c2ab40256cdeb44 (hashes as listed under General)
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext