General
-
Target
58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
-
Size
1.9MB
-
Sample
221125-k9ts3sbb5y
-
MD5
38ea6558716e1b9a30a34436921f3d75
-
SHA1
ad17715a31b524a1c215bd4c8399e24123f30d16
-
SHA256
58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
-
SHA512
9537c6972021a47296fc7150fb5babe538cb11f5d3a7c6d4955f402c2ef57a971e93d00847519f1599387e91adf62bfcceac5e90e19fef4c56ab781cae84d650
-
SSDEEP
12288:Vb6e32OKSj+TMb6GOCAUzltY8OMcHdDDbtb0r1KKUCUgxV3378For7OlBgRlvj9L:YtT/OH65WxYFZExj9//k//Ic
Static task
static1
Behavioral task
behavioral1
Sample
58948898805076345eb046014a3c10649156088a1529d325220217afc752b077.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
58948898805076345eb046014a3c10649156088a1529d325220217afc752b077.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
haked
kazimalia100.ddns.net:5552
dffedddd32431063c53a5e694a9739a2
-
reg_key
dffedddd32431063c53a5e694a9739a2
-
splitter
|'|'|
Targets
-
-
Target
58948898805076345eb046014a3c10649156088a1529d325220217afc752b077
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-