General

Target: Invoice Copies.img
Size: 56KB
Sample: 221027-1zdxwadhar
MD5: 166bc3f938e635a6784bb83de0f7b896
SHA1: 9b3544b74d7305b6f161d532fe247ed86c5f0b9b
SHA256: e6546d3c6c424e49d9b88648f731ad9bd7bddecc885b3f099ac7e33432ebdd52
SHA512: e6a6e01b32b569ee761b058673925bac0a314b85435f0a86f2b65ab7e245245871128636ad6604997ac6801192e8d66cfadb73061d22b71df9f124624d336a8d
SSDEEP: 96:5XiSac97tzddXgXV5HvdzLXPB7/++yam6meMhq7B99ALbzNtL7:MSphzddaPdzLXJ72LGmT47JAL9x7
Static task: static1

Behavioral task: behavioral1
Sample: Invoice Copies.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Invoice Copies.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: njrat
Extracted values (unlabeled in the report, in the order listed): v2.0, update, money2022.ddns.net:8080, Windows
C2: money2022.ddns.net:8080 (the only host:port among the extracted values; a dynamic-DNS hostname)
reg_key: Windows
splitter: |-F-|
Targets

Target: Invoice Copies.exe (the executable carried inside Invoice Copies.img)
Size: 6KB
MD5: ee3b8f3f1da88398032df33c0f3bd663
SHA1: b5a606cede787a23ae8f051ccce4fe64cc192f22
SHA256: aa5f137c6505bd37b23a8e087fd73974a029f6b98e4590d550d84a8941390dda
SHA512: 3e6587de2eec4108d5bca390499442b7ac34f399e4421b7eac76ac0508492b4ea5ba30059b76f6fc2a424cf9226e17c624468aa58e953647b90dac52c361297c
SSDEEP: 96:Hac97tzddXgXV5HvdzLXPB7/++yam6meMhq7B99ALbzNt:HphzddaPdzLXJ72LGmT47JAL9
Score: 10/10

Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application (consistent with the reg_key value "Windows" in the extracted config, which njRAT uses as the name of its startup registry value)
- Suspicious use of SetThreadContext (an API commonly used for thread hijacking and process hollowing)
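The extracted config (C2 host:port, reg_key, splitter) and the Run-key and dropped-file signatures above translate directly into host and network checks. The following is an added example, not code from the report or the sandbox: it verifies a file against the listed hashes, flags DNS queries for the C2 host or its subdomains, finds a Run/RunOnce value whose name matches reg_key in a .reg export, and splits a captured payload on the splitter. The DNS lines, the registry export and the payload are constructed for the example and are not from the sample's actual traffic.

```python
"""Offline IOC checks derived from the njRAT report above (added example)."""
import hashlib
import re

# Indicator values copied from the report.
C2_HOST = "money2022.ddns.net"
C2_PORT = 8080
RUN_VALUE_NAME = "Windows"        # reg_key from the extracted config
SPLITTER = b"|-F-|"               # field delimiter from the extracted config
SHA256_IMG = "e6546d3c6c424e49d9b88648f731ad9bd7bddecc885b3f099ac7e33432ebdd52"
SHA256_EXE = "aa5f137c6505bd37b23a8e087fd73974a029f6b98e4590d550d84a8941390dda"

# Constructed sample inputs (not real captures from this sample).
DNS_LOG = [
    "27-Oct-2022 10:12:01 client 10.0.0.5#51234: query: money2022.ddns.net IN A",
    "27-Oct-2022 10:12:02 client 10.0.0.5#51235: query: update.microsoft.com IN A",
    "27-Oct-2022 10:12:03 client 10.0.0.7#51300: query: cdn.money2022.ddns.net IN A",
]
REG_EXPORT = [
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"Windows"="C:\\Users\\user\\AppData\\Roaming\\Invoice Copies.exe"',
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]",
    r'"Windows"="unrelated"',
]
PAYLOAD = b"field1|-F-|field2|-F-|field3"   # constructed, only the delimiter is real

HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\]$", re.IGNORECASE)
REG_VALUE_RE = re.compile(r'"([^"]+)"=(.*)')


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a blob, the same set the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected_sha256: str) -> bool:
    """True if the blob is the sample the report describes."""
    return file_hashes(data)["sha256"] == expected_sha256.lower()


def c2_dns_hits(lines):
    """Return log lines that query the C2 host or any subdomain of it."""
    hits = []
    for line in lines:
        for name in HOSTNAME_RE.findall(line):
            name = name.lower().rstrip(".")
            if name == C2_HOST or name.endswith("." + C2_HOST):
                hits.append(line)
                break
    return hits


def run_key_hits(reg_lines):
    """Find Run/RunOnce values whose name equals reg_key in a .reg export.

    Returns (key path, value name, value data) tuples. Values with the same
    name under other keys are ignored so the match stays persistence-specific.
    """
    hits, in_run_key, current_key = [], False, ""
    for line in reg_lines:
        line = line.strip()
        if line.startswith("["):
            current_key = line.strip("[]")
            in_run_key = bool(RUN_KEY_RE.search(line))
            continue
        m = REG_VALUE_RE.match(line)
        if in_run_key and m and m.group(1).lower() == RUN_VALUE_NAME.lower():
            hits.append((current_key, m.group(1), m.group(2).strip('"')))
    return hits


def split_c2_fields(payload: bytes):
    """Split a payload on the config's splitter; [] if the delimiter is absent."""
    if SPLITTER not in payload:
        return []
    return [f.decode("latin-1") for f in payload.split(SPLITTER)]


def run_checks() -> dict:
    """Run every check over the constructed inputs and summarise the results."""
    return {
        "dns_hits": c2_dns_hits(DNS_LOG),
        "run_key_hits": run_key_hits(REG_EXPORT),
        "payload_fields": split_c2_fields(PAYLOAD),
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

Hash verification compares SHA256 only; MD5 and SHA1 are kept in the output for cross-referencing with other reports, not as the basis of the match. The DNS check deliberately accepts subdomains of the C2 host, since dynamic-DNS names are cheap to rotate under the same parent.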