General
-
Target
406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c
-
Size
36KB
-
Sample
221125-jv4t3aga4t
-
MD5
3f372e7a22a7a5c24e5f474de961639b
-
SHA1
0da76f4e4c8745ce09cc4c5d875c50148dab8e88
-
SHA256
406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c
-
SHA512
652902d51aaef62323e8d0096b48b6a3be733ebfe77fec3fce6d67bf5dde12634c8f6f71c9501959a35e9232abd9a78881e886849f49f9fef9f170b57eea25ba
-
SSDEEP
384:dI2SUwXh0ZbAzlRGCvkodj46hgHK0hrV5mRvR6JZlbw8hqIusZzZEChEJlbz602c:CbhEkdvXRpcnuchEJVzcJAaOu0GG
Behavioral task
behavioral1
Sample
406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
Subway Surfers
daiodsaber.no-ip.biz:5552
b9da61d8a029b19f539cf3803f98e1cd
-
reg_key
b9da61d8a029b19f539cf3803f98e1cd
-
splitter
|'|'|
Targets
-
-
Target
406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-