General
-
Target
fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4
-
Size
131KB
-
Sample
221030-h27c4aghe2
-
MD5
93c3392b91669a01cceb599296c3c2b0
-
SHA1
fbe8bae801d725dc2d40ce680e14f5b34a5737be
-
SHA256
fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4
-
SHA512
ef4b685c6c75f4f68c49a5ee119576cdec7b4a5abba61d2bca333be18225ac08da6ca8edf91e1bd5fd0fbede4b10b688b53b98a5b26bed7639a71a0a1332a610
-
SSDEEP
3072:O/fCCPsG9etK87u1JdYVU10PIutREBO9qYDHa4rCcBM2v:OjP2KEhUWPIuPEOAYD64xf
Static task
static1
Behavioral task
behavioral1
Sample
fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fe416e3b6b814dc3a5dc24e6f29f7f6f3aa44654a69f40a3212c96826d182cd4.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
yahoo
127.0.0.1:5552
c20dc55207710c29d1db3ad3160138a1
-
reg_key
c20dc55207710c29d1db3ad3160138a1
-
splitter
|'|'|
Targets
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-