General
-
Target
52c9b1b1d8a3babe07e31bb510ee9dc6d55a31dec86effcf0808a3caf8459394
-
Size
29KB
-
Sample
221123-vq45tahg33
-
MD5
4916cb099db6081c6a82c3af78f0e28d
-
SHA1
54dd4ae52d940a3cdd4839fd168e17f46226b34b
-
SHA256
52c9b1b1d8a3babe07e31bb510ee9dc6d55a31dec86effcf0808a3caf8459394
-
SHA512
9afa183e38357640147c1ac52c2fee3e1835ab192333e98308f50da3bad72af917e9560f6b07437a1a96be1d313055460124fa0e676098819d1097000511f199
-
SSDEEP
384:9SItl77FDFucYfKQCcvVt5Th3iOmqD8lTeY6GBsbh0w4wlAokw9OhgOL1vYRGOZ7:b77ucYfKQT7z3sq4TewBKh0p29SgRn/
Behavioral task
behavioral1
Sample
52c9b1b1d8a3babe07e31bb510ee9dc6d55a31dec86effcf0808a3caf8459394.exe
Resource
win7-20221111-en
Malware Config
Extracted
njrat
0.6.4
HacKed
danamuhammad12.no-ip.org:1177
dae31c02cb06222e776b9ccb9207edb1
-
reg_key
dae31c02cb06222e776b9ccb9207edb1
-
splitter
|'|'|
Targets
Target
52c9b1b1d8a3babe07e31bb510ee9dc6d55a31dec86effcf0808a3caf8459394
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-