General
Target: 4c91884307199fbadb8aa41ce6d6bdef10e0d185737f75c79dbe28e62267c37b
Size: 1.1MB
Sample: 221125-b85phsgb2x
MD5: 6d614c1cc6113efb12d0d7eb0147db64
SHA1: 6e2ec4f4e73a358849c9b147428dbdb609d043f1
SHA256: 4c91884307199fbadb8aa41ce6d6bdef10e0d185737f75c79dbe28e62267c37b
SHA512: 78158ab786852d597a084a5f55401ae087468ae02ae077d56593c68eb4f0464b2573ba1347c9c0cd7a58409194232d2eb12a446b72e53ff569251668d25de007
SSDEEP: 24576:Itb20pkaCqT5TBWgNQ7aGSbRNn0eeiN/P+U7F16A:RVg5tQ7aGocen+U35
Static task: static1
Behavioral task: behavioral1
Sample: 4c91884307199fbadb8aa41ce6d6bdef10e0d185737f75c79dbe28e62267c37b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4c91884307199fbadb8aa41ce6d6bdef10e0d185737f75c79dbe28e62267c37b.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
u0lf4ÓßgÒiNBMìNñõÛÃáÍÚÒæÉâgþ
193.0.200.131:35689
abde6d91c02e072e675204de91168fab
reg_key: abde6d91c02e072e675204de91168fab
splitter: |'|'|
Targets
Target: 4c91884307199fbadb8aa41ce6d6bdef10e0d185737f75c79dbe28e62267c37b
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext