General
-
Target
bf1395855f7fbcac2955ca12b178e53726385eec04600d1efe9d40cc4b64ef77
-
Size
481KB
-
Sample
221119-kwwqhsha5v
-
MD5
27e00b93a37c51f428df323ea212c120
-
SHA1
f2a35453203bd6352e63e8f11b73a141c2e7bcff
-
SHA256
bf1395855f7fbcac2955ca12b178e53726385eec04600d1efe9d40cc4b64ef77
-
SHA512
991a1d3c04bdf76a62df8917577df8487503b7e60a9e764fd4da414ef6820feae35caf43cfbbd98a2a493848afed5968d05e251ac66ecb585df7dfe32580ed43
-
SSDEEP
6144:+4ZXzlxRdFf8SOcHeBl1b3HflUgxwTcDzw2:+sxLFfFOcHK1bvlUgxwd
Static task
static1
Behavioral task
behavioral1
Sample
bf1395855f7fbcac2955ca12b178e53726385eec04600d1efe9d40cc4b64ef77.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bf1395855f7fbcac2955ca12b178e53726385eec04600d1efe9d40cc4b64ef77.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
TOP
127.0.0.1:1177
1daaeb58fdbc3f56c70815de2de95e46
-
reg_key
1daaeb58fdbc3f56c70815de2de95e46
-
splitter
|'|'|
Targets
-
-
Target
bf1395855f7fbcac2955ca12b178e53726385eec04600d1efe9d40cc4b64ef77
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-