General
Target: 98319c8882f4f78cd685921fb0a7bdc6d7bd52aae8e6e480a9009d7aaa326e16
Size: 55KB
Sample: 221124-1sc21aeh7t
MD5: 7d4f891f353fbadcbf39634df6e9dc91
SHA1: a08cae72f2bc91883f307c384922fc1adcd2a2c7
SHA256: 98319c8882f4f78cd685921fb0a7bdc6d7bd52aae8e6e480a9009d7aaa326e16
SHA512: 9da0cedb556ba01dbf2f0c92b4cf6d69031cd69457bb3df21f174c252950518a6b2836ecee2e81c2c8245b49940a829c0ca2fd04db129f207e581eb5b87a0095
SSDEEP: 768:CygGGiYSj7hoB1b5U88cH1Ne5BKh0p29SgRczrH8zE85CNqlWVLRYe:CWGiYSj7hKXVWKhG29jczrH8j5C0e9f
Behavioral task: behavioral1
Sample: 98319c8882f4f78cd685921fb0a7bdc6d7bd52aae8e6e480a9009d7aaa326e16.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 98319c8882f4f78cd685921fb0a7bdc6d7bd52aae8e6e480a9009d7aaa326e16.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
17e873bfcaa25c26ef0c2dc468367fc3
reg_key: 17e873bfcaa25c26ef0c2dc468367fc3
splitter: |'|'|
Targets
Target: 98319c8882f4f78cd685921fb0a7bdc6d7bd52aae8e6e480a9009d7aaa326e16
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application