General
-
Target
niggaOS.exe
-
Size
46KB
-
Sample
221020-txhdysdea7
-
MD5
6298049d70017cf38ac1f2c815221e48
-
SHA1
e2206d5750377917486eec1a24cc1fe5f7d6e0d7
-
SHA256
9e41fdbb903f822603a8e2d311238de70ed00109a1e68c36e2b4abee31b28cee
-
SHA512
1af2449f76172cb123fcbfb0906c469d3c319793f485b447d8540d20ac0cd76e59a3ac55a5b558de83fe67d5e68112642dd3f11254893fa7b38ab527d22bbcd9
-
SSDEEP
768:drqHpR9Ef5HOiCFsZrM+rMRa8NuR9thA:dWHpRyhHAa6+gRJNuh
Behavioral task
behavioral1
Sample
niggaOS.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
niggaOS.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
im523
Lime
enderop44-36084.portmap.host:36084
6878a8a311cfa64f9d4241424faeca3d
-
reg_key
6878a8a311cfa64f9d4241424faeca3d
-
splitter
|'|'|
Targets
-
-
Target
niggaOS.exe
-
Size
46KB
-
MD5
6298049d70017cf38ac1f2c815221e48
-
SHA1
e2206d5750377917486eec1a24cc1fe5f7d6e0d7
-
SHA256
9e41fdbb903f822603a8e2d311238de70ed00109a1e68c36e2b4abee31b28cee
-
SHA512
1af2449f76172cb123fcbfb0906c469d3c319793f485b447d8540d20ac0cd76e59a3ac55a5b558de83fe67d5e68112642dd3f11254893fa7b38ab527d22bbcd9
-
SSDEEP
768:drqHpR9Ef5HOiCFsZrM+rMRa8NuR9thA:dWHpRyhHAa6+gRJNuh
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-