General
-
Target
41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3
-
Size
79KB
-
Sample
221124-dxnb7shc2s
-
MD5
d072c6322f3801ac5716d160b4c85f91
-
SHA1
796184c1accff04d4a9e97e97cc44a56ccc82eb5
-
SHA256
41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3
-
SHA512
7979174f48c7ea64fa35458749c5dca1faa063baccda43a69cdedadafffa2c2b5f13d5e724e2db9abbb5d41437c00504d1a16de4f92959e1e3d13b1469168218
-
SSDEEP
1536:3lyT1FJoK9k07KpkEuTuNP0n8X3cS0A3PtKkQ4W9LJo3ukNlY3IxOK:3lyhFcJWEuTuNP1XMSN1VQ4WTo3lY3Gl
Static task
static1
Behavioral task
behavioral1
Sample
41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
Youtube
user882019.dlinkddns.com:426
d843798dc61a43adefb14767229d07cf
-
reg_key
d843798dc61a43adefb14767229d07cf
-
splitter
|'|'|
Targets
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-