General
Target: 8454dbda35354737c7f1162466738d7077c0a9af21e93c2e49c2d7a8d5084647.exe
Size: 6KB
Sample: 221019-vly31aghe7
MD5: db8e94848ab1a1fc9c9fa0737f6ba95c
SHA1: c7cf8619dd0e49a264d9d83b9a1aa0170be58469
SHA256: 8454dbda35354737c7f1162466738d7077c0a9af21e93c2e49c2d7a8d5084647
SHA512: df03848e37f0f5c0a703be0cd3d4ef741144ff8a2c8defa765a8d0829a31d68040ce5600ba4771685743b19aac386d962dfbe0325f079402d950562c60a31a99
SSDEEP: 96:VhryGlVRY0RVkLa1Fz+eIufDX9tBwaDzNt:VkGlk00LGFzsufxtHF
Static task: static1
Behavioral task: behavioral1
Sample: 8454dbda35354737c7f1162466738d7077c0a9af21e93c2e49c2d7a8d5084647.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 8454dbda35354737c7f1162466738d7077c0a9af21e93c2e49c2d7a8d5084647.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
v2.0
update
money2022.ddns.net:8080
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: 8454dbda35354737c7f1162466738d7077c0a9af21e93c2e49c2d7a8d5084647.exe
Score: 10/10
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext