General
-
Target
3889a48fdee124bf502e54d3ce5ed8ff6f2049b2ac426be85d68c7b691680e4b
-
Size
392KB
-
Sample
221020-gtht4aghh3
-
MD5
7578da21c9c615e0c81f44c197375780
-
SHA1
14e26a0792bfe3660be457a2dab3c1caf83306d9
-
SHA256
3889a48fdee124bf502e54d3ce5ed8ff6f2049b2ac426be85d68c7b691680e4b
-
SHA512
a52db33f938d5b79cbd9897a523894848ac4f5e49f060cc0a34cf0eb278418558d1f5d7115203fb5ebc24b81f5dd9a40934a95890adfe0a9b18a30a25f009e2a
-
SSDEEP
6144:PzuisYLtJd7uM73ADbymhp32imYsYVJwwh4/BOu8KQ3jrh41h5+lisy:PaStnUqmhpoCwwh06ho2u
Static task
static1
Behavioral task
behavioral1
Sample
3889a48fdee124bf502e54d3ce5ed8ff6f2049b2ac426be85d68c7b691680e4b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3889a48fdee124bf502e54d3ce5ed8ff6f2049b2ac426be85d68c7b691680e4b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
vic
grthom2h.no-ip.biz:5552
07977633b8f530d5bde60b61999bac13
-
reg_key
07977633b8f530d5bde60b61999bac13
-
splitter
|'|'|
Targets
-
-
Target
3889a48fdee124bf502e54d3ce5ed8ff6f2049b2ac426be85d68c7b691680e4b
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-