General
-
Target
a48a35de20780f8bd6609e2f4b22ab85b9de941cb7f273ef10c7762f97c95e09
-
Size
351KB
-
Sample
221125-h51dysaf24
-
MD5
f6a2e51a5c5833d8f5c1a3d6ffbe3c07
-
SHA1
b336f199a3c649d0977eb8cd300d189eebaeff33
-
SHA256
a48a35de20780f8bd6609e2f4b22ab85b9de941cb7f273ef10c7762f97c95e09
-
SHA512
24e805f252551727fcbf04ebb46e7a9d724503f998986228af1bed7d7a38ed3abb2583606e3b9c97b0972a8ea7075a36646922eaa0ed6564cc2e1578e4d9b140
-
SSDEEP
3072:fyPBA+KQhHiRbAWomWWH2r4OvQ2U2Gfqg:cPhC9c4WJI2U2G
Static task
static1
Behavioral task
behavioral1
Sample
a48a35de20780f8bd6609e2f4b22ab85b9de941cb7f273ef10c7762f97c95e09.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a48a35de20780f8bd6609e2f4b22ab85b9de941cb7f273ef10c7762f97c95e09.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
gladyatur.no-ip.biz:1177
7d4202c786018140643e0e039bfe6922
-
reg_key
7d4202c786018140643e0e039bfe6922
-
splitter
|'|'|
Targets
-
-
Target
a48a35de20780f8bd6609e2f4b22ab85b9de941cb7f273ef10c7762f97c95e09
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-