General
-
Target
502c38f54b01688651bd26f094e2d9232fdc6543ec14093df08b65b1ef59241a
-
Size
200KB
-
Sample
221123-vxp98sdb8z
-
MD5
9ee48d8afb2c002eaa09dc4c0ad146b7
-
SHA1
c74eafe6486255a5aa364b20eee48abfcf844d7e
-
SHA256
502c38f54b01688651bd26f094e2d9232fdc6543ec14093df08b65b1ef59241a
-
SHA512
f633de0fb275aa4a01db1398071938f6d26339935287459dfbe525d798c8968d15211a8060da111449b2d626651c2d58cde754882ed8c65c6cf17a7143074f18
-
SSDEEP
3072:0HlM7TYmySIQIvuxbj5rEnAZrq+8hwdnOLm4AAwAEi82V/p3WkPBN:0z7mBsAhOwQa9j12V/p3v7
Static task
static1
Behavioral task
behavioral1
Sample
502c38f54b01688651bd26f094e2d9232fdc6543ec14093df08b65b1ef59241a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
502c38f54b01688651bd26f094e2d9232fdc6543ec14093df08b65b1ef59241a.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
muzikas.no-ip.biz:9999
8ea61e262c64e6422375b1a90140a45e
-
reg_key
8ea61e262c64e6422375b1a90140a45e
-
splitter
|'|'|
Targets
-
-
Target
502c38f54b01688651bd26f094e2d9232fdc6543ec14093df08b65b1ef59241a
-
Size
200KB
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-