General
Target: 06e685961d92e151e654ccbbbab4aefd2d3f146fc777cc5009277baa3b7159b4
Size: 272KB
Sample: 221126-23av3afc4t
MD5: 3a282cfac08382f2d7375c07940f9928
SHA1: 9af13e0087e852d97b677b760f48508f8024079f
SHA256: 06e685961d92e151e654ccbbbab4aefd2d3f146fc777cc5009277baa3b7159b4
SHA512: 116f2e8e1016004a4fe2e73695b352ff694ad86ebeabec49ad074356bc0b007e84360bd7bf42f2ca5af158c357a40bd88752e30140d23738c558a6bdc29e3181
SSDEEP: 3072:hx95KsTHRKR8tLHL6mt0IURO25ZnuN9peRVsFJWvf9+XARmhm2I8lgKaMyVWZJm:v95KCxTLrl453uN9oR2FbXe2IfRqfm
Static task: static1
Behavioral task: behavioral1
  Sample: 06e685961d92e151e654ccbbbab4aefd2d3f146fc777cc5009277baa3b7159b4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 06e685961d92e151e654ccbbbab4aefd2d3f146fc777cc5009277baa3b7159b4.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: HAcker BY Ahmed
C2: ahmedabdou.no-ip.biz:1177
Mutex: 6846a95408fac51f94fc52389805f6fc
Attributes:
- reg_key: 6846a95408fac51f94fc52389805f6fc
- splitter: |'|'|
Targets
Target: 06e685961d92e151e654ccbbbab4aefd2d3f146fc777cc5009277baa3b7159b4
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext