General
-
Target
aad59fafa1282e7395915e14b95584d5e494d15a22bcdf0ad293c5966651c9b1
-
Size
23KB
-
Sample
221122-wvprcsce43
-
MD5
f5f9da3e4f322a2690c30173761a2842
-
SHA1
8bb5686d10b8324f9d9ee487c00b27d0e1b5c859
-
SHA256
aad59fafa1282e7395915e14b95584d5e494d15a22bcdf0ad293c5966651c9b1
-
SHA512
2692e551092f45fa138c380830094d5ff308d5aabde550a110ac348a444b1e05e441ecb74056a188358a7629fba1a886b2f44ccdd94e543dbc0d10a89a9e3432
-
SSDEEP
384:VQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/J0mRvR6JZlbw8hqIusZzZUD:wLL6MVU0pRpcnux
Behavioral task
behavioral1
Sample
aad59fafa1282e7395915e14b95584d5e494d15a22bcdf0ad293c5966651c9b1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
aad59fafa1282e7395915e14b95584d5e494d15a22bcdf0ad293c5966651c9b1.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
1
anabaskota.noip.me:8080
babe1c13c72df4a2a2adaf680047b2d2
-
reg_key
babe1c13c72df4a2a2adaf680047b2d2
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-