General
-
Target
afd826e3d09b5b147d9dc2874d159d4e066e633cfda82dac9c941e4df3c929d5
-
Size
32KB
-
Sample
221019-1tpgesacc2
-
MD5
90f5a408048f5bd6803a98331cded120
-
SHA1
a9ccc979131258242d80d3dbab2c41fb3d7511ed
-
SHA256
afd826e3d09b5b147d9dc2874d159d4e066e633cfda82dac9c941e4df3c929d5
-
SHA512
45c9925826c9e7ee7490b01c12808798997501961984be4c2ccc2764664122ec056e35e2a13fe50c056c929a7a65b5a54138630705779c965797698955875ad3
-
SSDEEP
768:UfLjXHlL0vNcof4t08X+dk4FglrAHhd0AQvxCx:UfH3lLY4L4kWnusx
Static task
static1
Behavioral task
behavioral1
Sample
afd826e3d09b5b147d9dc2874d159d4e066e633cfda82dac9c941e4df3c929d5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
afd826e3d09b5b147d9dc2874d159d4e066e633cfda82dac9c941e4df3c929d5.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
loaimajdi.no-ip.biz:5552
10ce81ee12043fcd07c0abe92db49633
-
reg_key
10ce81ee12043fcd07c0abe92db49633
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-