General
-
Target
798301c500221b4dd6c1a9da48b072d4b0cb4d5e1197cf5de6d887b2b27a6efa
-
Size
23KB
-
Sample
221125-ztaslahf2x
-
MD5
7fc8280df342ffd91ecf6b111b82704e
-
SHA1
d3ead92ef2d3a928d1d17df20dbc045bd12b623a
-
SHA256
798301c500221b4dd6c1a9da48b072d4b0cb4d5e1197cf5de6d887b2b27a6efa
-
SHA512
9a26bd5f031170ba2384420f719e8982e9643b1b453e81a623f16a8da6f7f608c7bed647c8a7e6dcfb5f4bc6b6ebf7b37995d67dd502dc8e032ae99b2ce07ad6
-
SSDEEP
384:GluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZmz:pOmhtIiRpcnub
Behavioral task
behavioral1
Sample
798301c500221b4dd6c1a9da48b072d4b0cb4d5e1197cf5de6d887b2b27a6efa.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
798301c500221b4dd6c1a9da48b072d4b0cb4d5e1197cf5de6d887b2b27a6efa.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
Victime
adelkabyle.no-ip.biz:1177
8765804f05506e2bf20cdfeb9d11a4c1
-
reg_key
8765804f05506e2bf20cdfeb9d11a4c1
-
splitter
|'|'|
Targets
-
Target
798301c500221b4dd6c1a9da48b072d4b0cb4d5e1197cf5de6d887b2b27a6efa
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-