General
-
Target
5238bda5d2a35525c043b2140f9e80ff30045b5230d07a87436606fb2d606a6d
-
Size
74KB
-
Sample
221125-l8ylbahg94
-
MD5
95f0327d26ea34d88c34ba0374d96f31
-
SHA1
4276f0f1d258a4d65e17665eb4de4970fc1c5cd9
-
SHA256
5238bda5d2a35525c043b2140f9e80ff30045b5230d07a87436606fb2d606a6d
-
SHA512
d768d3ac9e5780ed63f5430f02d10af5ffbe0d7f066b0f22e13b9839af4a6de4b44b7ac6ca5f5b0e61b75ced2a3fc59c62b11a4001b07aace7f2592905dc2fa9
-
SSDEEP
1536:/m5I1pfBlTygdtMFyMQUZDBKafTpHfLjva+x9rru4zJpCcS:O5odtcyMQUZDBKaRjjvaO9rzJpCt
Behavioral task
behavioral1
Sample
5238bda5d2a35525c043b2140f9e80ff30045b5230d07a87436606fb2d606a6d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5238bda5d2a35525c043b2140f9e80ff30045b5230d07a87436606fb2d606a6d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7.3
Lime
127.0.0.1:6522
Client2.exe
-
reg_key
Client2.exe
-
splitter
12345
Targets
-
-
Target
5238bda5d2a35525c043b2140f9e80ff30045b5230d07a87436606fb2d606a6d
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-