General
-
Target
ebce1f09c5525573454b70adfdb3e1a4b1ab587f27305d77483410eb857162b2
-
Size
135KB
-
Sample
221125-27aqvsgg8w
-
MD5
fa87a54109a44c9f85da8ef2714a9f49
-
SHA1
19ce8dd6c33b89e82e75247b841dd3aea57e8cf5
-
SHA256
ebce1f09c5525573454b70adfdb3e1a4b1ab587f27305d77483410eb857162b2
-
SHA512
ab72df8ee41c2a601ea8c6c82dfe2b708dfa61e3be70f4d2fe98c404f896b17ebb8c9146588b0dfacaedcc1c8a2de7664a444e435301839941d437eda17860f9
-
SSDEEP
768:IqW4V6+yDRpcnuZrnskz+09lQk4GzjV0XEc2JP1iK2SwX7R81yqBP:jW4VcDRWuZL/SclQBY50XvUP1R1fF
Behavioral task
behavioral1
Sample
ebce1f09c5525573454b70adfdb3e1a4b1ab587f27305d77483410eb857162b2.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.7d
Hacked
maistro.no-ip.org:1177
89858a26c3b4f367dbcfa95959e39d35
-
reg_key
89858a26c3b4f367dbcfa95959e39d35
-
splitter
|'|'|
Targets
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-