General

Target: 77d32503cef31dc249996ca85404b56ef6fb97f02f3c21378f2b80b8fab8913a
Size: 628KB
Sample: 221125-s37qcsca5x
MD5: 32618460447cf4a7b52f2f3738701cb6
SHA1: edbc1a16e4a5f5f2478f898b6b8a0a9c28e2140a
SHA256: 77d32503cef31dc249996ca85404b56ef6fb97f02f3c21378f2b80b8fab8913a
SHA512: 7ac26eba673f710ac85d2ae133165eb9d68b1a2ccb4709203e08a4159f7eec961e875fef0d61a449830f418f605a19c3bcb4794db36f0cfe3bda7e1323df4000
SSDEEP: 12288:EK/R+xDNXvwUmBnpSz22rDvH7h5vVws4sL+cer/B+A3Fg2XFnTjW:QdwLFpSzFDvF7w3sFS/B++FT

Static task: static1

Behavioral task: behavioral1
Sample: 77d32503cef31dc249996ca85404b56ef6fb97f02f3c21378f2b80b8fab8913a.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 77d32503cef31dc249996ca85404b56ef6fb97f02f3c21378f2b80b8fab8913a.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted
Family: njrat
Version: 0.7d
Botnet: XbOoH
C2: madrid7.zapto.org:1177
Mutex: be03385064ece2f2ea31c1c1cbb33041
Attributes:
reg_key: be03385064ece2f2ea31c1c1cbb33041
splitter: |'|'|
Targets

Target: 77d32503cef31dc249996ca85404b56ef6fb97f02f3c21378f2b80b8fab8913a
Score: 10/10

Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext