General
Target: 5eb8e9fdad7d5b0ce0dbff63dc0feb53af5093f01888403bb426b0c13e7c572a
Size: 319KB
Sample: 221123-vl4cqahd53
MD5: d974e8a7e94fae3bef8b9a663057ba05
SHA1: 02457284d0a0a05fc84e59fe6f34f4ee5f324df8
SHA256: 5eb8e9fdad7d5b0ce0dbff63dc0feb53af5093f01888403bb426b0c13e7c572a
SHA512: a683482f2e585bb5f5e1e342c660f63b279317dfbd8ff23b306546eeb52c15e3659c85b94b2e5de80d8400cde6a1ca9f0d301b3e9cd608c6415d152a456ba9dd
SSDEEP: 3072:XTn64mgLXEg36vdXheha1G+VedMdGW53aKzfBrKGdrsx7HD:Dn4gIR1XhYa11VedMdGYKGRsZ
Static task: static1
Behavioral task: behavioral1
  Sample: 5eb8e9fdad7d5b0ce0dbff63dc0feb53af5093f01888403bb426b0c13e7c572a.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 5eb8e9fdad7d5b0ce0dbff63dc0feb53af5093f01888403bb426b0c13e7c572a.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: njrat
0.7d
ﻣ̲ﺳ̲ﺗ̲ﺷ̲ﺂ̲ږ ﺂ̲بـﻟ̲يےﺳ̲
aaddbbkk.hopto.org:1177
85d96ae9b74c6f98a30eae5caffd31d4
reg_key: 85d96ae9b74c6f98a30eae5caffd31d4
splitter: |'|'|
Targets
Target: 5eb8e9fdad7d5b0ce0dbff63dc0feb53af5093f01888403bb426b0c13e7c572a
Size: 319KB
MD5: d974e8a7e94fae3bef8b9a663057ba05
SHA1: 02457284d0a0a05fc84e59fe6f34f4ee5f324df8
SHA256: 5eb8e9fdad7d5b0ce0dbff63dc0feb53af5093f01888403bb426b0c13e7c572a
SHA512: a683482f2e585bb5f5e1e342c660f63b279317dfbd8ff23b306546eeb52c15e3659c85b94b2e5de80d8400cde6a1ca9f0d301b3e9cd608c6415d152a456ba9dd
SSDEEP: 3072:XTn64mgLXEg36vdXheha1G+VedMdGW53aKzfBrKGdrsx7HD:Dn4gIR1XhYa11VedMdGYKGRsZ
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext