General
Target: 3016b73d983f1d79e2f66e15384558829ed16447b17b15236a15f02b9e461ff2
Size: 182KB
Sample: 221123-r1y5rsda5s
MD5: c413ef6a9921f37a7766c736c02958a2
SHA1: a20883218ee4067ed97e762b4f1d693ce0e9c927
SHA256: 3016b73d983f1d79e2f66e15384558829ed16447b17b15236a15f02b9e461ff2
SHA512: dadf781ecb5513f6b3d79fa14f4bfeace823e90ad8920e8b8f3d795334e272a929f18becabb7c6c88b7e2ff1f1212f2031c306edadc3ebeec960e5cbe627bad4
SSDEEP: 1536:FvZiUkdJRWuBIu/R1jn9+OhU0D+1RamKcqkPAtk7jKyKPNjiD/FbprdIBS22bfUz:FhiUOJ0GjoO+0bm5rey2OdIBJiw
Behavioral task: behavioral1
Sample: 3016b73d983f1d79e2f66e15384558829ed16447b17b15236a15f02b9e461ff2.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 3016b73d983f1d79e2f66e15384558829ed16447b17b15236a15f02b9e461ff2.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HacKed
mahamadhawrami11.ddns.net:1177
3c85567a562aef333ed82feac3a2b02e
reg_key: 3c85567a562aef333ed82feac3a2b02e
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application