General
-
Target
9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4
-
Size
214KB
-
Sample
221124-eye8nagg55
-
MD5
871a3bc78da35b8fb741767ca5b913f9
-
SHA1
417d92e9ca258460fa139008bb9ecd609d7066d6
-
SHA256
9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4
-
SHA512
92d4f900cf0fa35487d300f5692e73ea1bee07d3bbdd3b0344833c6937091e96545b5969db6f9fb68b39b1525527075ff291081679e103a6c0acd6dc6be02e6b
-
SSDEEP
6144:GO7OEm960r90zd7qr9pJdHcy805rYYG6cY3:D6xSz1qHfHcyBBLG83
Static task
static1
Behavioral task
behavioral1
Sample
9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
njrat7p.no-ip.org:5552
9036b40d3b738ec82d6d7fa0c2c48267
-
reg_key
9036b40d3b738ec82d6d7fa0c2c48267
-
splitter
|'|'|
Targets
-
-
Target
9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4
-
Size
214KB
-
MD5
871a3bc78da35b8fb741767ca5b913f9
-
SHA1
417d92e9ca258460fa139008bb9ecd609d7066d6
-
SHA256
9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4
-
SHA512
92d4f900cf0fa35487d300f5692e73ea1bee07d3bbdd3b0344833c6937091e96545b5969db6f9fb68b39b1525527075ff291081679e103a6c0acd6dc6be02e6b
-
SSDEEP
6144:GO7OEm960r90zd7qr9pJdHcy805rYYG6cY3:D6xSz1qHfHcyBBLG83
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-