General
-
Target
c7f27f39bc1aa0128a98aa1fafc71f8008f6d897d74cae9d10f59fd8dc1f1af0
-
Size
29KB
-
Sample
221123-lr81qacb54
-
MD5
2ec4de9fb46f096cb9d8cda59dbf0a9f
-
SHA1
c798a2b7efa30131712cc93d257665782aa7e493
-
SHA256
c7f27f39bc1aa0128a98aa1fafc71f8008f6d897d74cae9d10f59fd8dc1f1af0
-
SHA512
cf80dcf90fde9eb4fd5109c70405006df94cd2424ab43085303a6bea809de35a81ed78a19c8894ccd24a03057e46a87d9f8c816f5de436ae4e0861a24b8c4ec4
-
SSDEEP
768:cx77Kk4XeP/Fzsq+xre6BKh0p29SgR6d:27K7W4zx3KhG29j6d
Behavioral task
behavioral1
Sample
c7f27f39bc1aa0128a98aa1fafc71f8008f6d897d74cae9d10f59fd8dc1f1af0.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
husseinsaif.linkpc.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-