General
-
Target
741beef8e611d73fc6f7a43628542d33f2ed2b4a5abcea9b63e325293ba5f658
-
Size
29KB
-
Sample
221124-krkgpacd53
-
MD5
711ca078a67fad75a8118b363dd2890c
-
SHA1
83e35fe72f83c0ed8678ed5cdc45f6823968dca5
-
SHA256
741beef8e611d73fc6f7a43628542d33f2ed2b4a5abcea9b63e325293ba5f658
-
SHA512
4317f65095871a03f6b5c2e85ff79f0d4d6e6a5d8310d79029b95a9a360cfaf65ba8838c29caaa2b6724125b10cd8637ba76dfaf51c4427e8abd8c5b89afaba9
-
SSDEEP
768:fx77Kk4XeP/Fzsq+xre6BKh0p29SgRpo:l7K7W4zx3KhG29jpo
Behavioral task
behavioral1
Sample
741beef8e611d73fc6f7a43628542d33f2ed2b4a5abcea9b63e325293ba5f658.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
741beef8e611d73fc6f7a43628542d33f2ed2b4a5abcea9b63e325293ba5f658.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.6.4
HacKed
jookerjooker.no-ip.biz:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
741beef8e611d73fc6f7a43628542d33f2ed2b4a5abcea9b63e325293ba5f658
-
Size
29KB
-
MD5
711ca078a67fad75a8118b363dd2890c
-
SHA1
83e35fe72f83c0ed8678ed5cdc45f6823968dca5
-
SHA256
741beef8e611d73fc6f7a43628542d33f2ed2b4a5abcea9b63e325293ba5f658
-
SHA512
4317f65095871a03f6b5c2e85ff79f0d4d6e6a5d8310d79029b95a9a360cfaf65ba8838c29caaa2b6724125b10cd8637ba76dfaf51c4427e8abd8c5b89afaba9
-
SSDEEP
768:fx77Kk4XeP/Fzsq+xre6BKh0p29SgRpo:l7K7W4zx3KhG29jpo
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-