General
-
Target
ff980ba1ada09aa1539fefa27236c23a321dd075ac7538ec7cac29519d3bba6e
-
Size
1.5MB
-
Sample
221126-kkqecsaa8x
-
MD5
62acb695a8baccb136d49911f38a58ea
-
SHA1
cf0977abb66708f5aef2a4606d065448d39bbfc0
-
SHA256
ff980ba1ada09aa1539fefa27236c23a321dd075ac7538ec7cac29519d3bba6e
-
SHA512
daeed0028080beb28bd944facb6b970b11d27f43a5f7e2a4f80ac09c916156cf1e96c18d63966b22a40315f6fde9e8a171adfd96b6ee185f20f0aaad5c793190
-
SSDEEP
24576:8egV2LlUOwU1OmvLx/mMBT9RHnw1bMtIWz0DvxYIEFV4O3ZH6gTqp:8MTt1OmvLx/mMBT9RHnw1bMtIWz0DvxL
Static task
static1
Behavioral task
behavioral1
Sample
ff980ba1ada09aa1539fefa27236c23a321dd075ac7538ec7cac29519d3bba6e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ff980ba1ada09aa1539fefa27236c23a321dd075ac7538ec7cac29519d3bba6e.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Family
njrat
-
Version
0.6.4
-
Botnet
HacKed_ByMe
-
C2
topo2015.no-ip.biz:1177
-
Mutex
08f4dc96bbb7af09d1a37fe35c75a42f
-
Attributes
-
reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
-
splitter
|'|'|
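The extracted splitter and C2 endpoint are enough to recognise this family on the wire. njRAT 0.6.x/0.7.x frames every message as an ASCII decimal byte length, a NUL byte, then that many bytes of UTF-8 payload; the payload is a command keyword followed by fields joined with the configured splitter. The parser below is an added example (not code from the sandbox or from the malware) that unframes a TCP stream, splits each payload on the splitter from this config, and flags messages carrying a known njRAT command keyword; the tighter check also requires the version and botnet ID from this page. The sample stream is constructed, and the field order of its registration ("ll") beacon is illustrative of a 0.6.4 beacon, not asserted as exact.

```python
"""Parse and flag njRAT C2 traffic using the configuration extracted above.

Wire format (njRAT 0.6.x/0.7.x): '<ascii length>' + '\x00' + '<payload>'.
The payload is a command keyword plus fields joined by the splitter.
"""
from dataclasses import dataclass

# Values taken from the extracted config on this page.
SPLITTER = "|'|'|"
C2_HOST, C2_PORT = "topo2015.no-ip.biz", 1177
CAMPAIGN = "HacKed_ByMe"
VERSION = "0.6.4"

# Command keywords commonly seen in njRAT traffic in either direction.
# Framing has already been validated by unframe(), so a bare keyword such
# as the server's "inf" request is enough to count as a hit.
KNOWN_COMMANDS = {"ll", "inf", "act", "kl", "CAP", "ret", "proc", "rs", "rss",
                  "un", "Ex", "dld", "up", "P"}


@dataclass
class NjMessage:
    command: str
    fields: list   # everything after the command, in wire order
    raw: bytes


def unframe(stream: bytes):
    """Split a byte stream into complete njRAT payloads.

    Returns (payloads, remainder); remainder is a trailing partial message
    that should be kept until more bytes arrive.
    """
    payloads, pos = [], 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break
        length_bytes = stream[pos:nul]
        if not length_bytes.isdigit():
            raise ValueError(f"bad length prefix at offset {pos}: {length_bytes!r}")
        start = nul + 1
        end = start + int(length_bytes)
        if end > len(stream):
            break          # truncated: leave it in the remainder
        payloads.append(stream[start:end])
        pos = end
    return payloads, stream[pos:]


def parse(payload: bytes) -> NjMessage:
    """Split one payload into command and fields using the configured splitter."""
    parts = payload.decode("utf-8", errors="replace").split(SPLITTER)
    return NjMessage(command=parts[0], fields=parts[1:], raw=payload)


def is_njrat(msg: NjMessage) -> bool:
    """Family-level heuristic: correctly framed message with a known keyword."""
    return msg.command in KNOWN_COMMANDS


def matches_this_config(msg: NjMessage) -> bool:
    """Tighter check tying traffic to the sample analysed on this page."""
    joined = SPLITTER.join(msg.fields)
    return is_njrat(msg) and VERSION in joined and CAMPAIGN in joined


def frame(text: str) -> bytes:
    """Build a message the way the client does (used only to construct input)."""
    body = text.encode("utf-8")
    return str(len(body)).encode() + b"\x00" + body


# Constructed sample traffic (not a real capture). The "ll" field layout is
# illustrative of a 0.6.4 registration beacon, not asserted as exact.
SAMPLE_STREAM = (
    frame(SPLITTER.join(["ll", CAMPAIGN + "_0A1B2C3D", "0A1B2C3D", "DESKTOP-01",
                         "user", "22-11-26", "", "Win 7 Ultimate SP1 x86", "No",
                         VERSION, "..", ""]))
    + frame("inf")               # server-side info request, no fields
    + b"12\x00incomplete"        # truncated trailing message
)


def scan(stream: bytes):
    """Return (commands of njRAT-looking messages, unparsed remainder)."""
    payloads, rest = unframe(stream)
    hits = [parse(p) for p in payloads]
    return [m.command for m in hits if is_njrat(m)], rest


if __name__ == "__main__":
    cmds, rest = scan(SAMPLE_STREAM)
    print("njRAT commands seen:", cmds, "| unparsed tail:", rest)
```

Because njRAT uses a plaintext length prefix rather than a fixed magic, the splitter string is the most reliable byte pattern for a network signature; pair it with the C2 host and port from the config when writing IDS rules so that a generic `|'|'|` match is not the only thing you rely on.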
Targets
-
Target
ff980ba1ada09aa1539fefa27236c23a321dd075ac7538ec7cac29519d3bba6e
(size and hashes as listed under General above)
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
Typically a netsh call that adds a firewall exception for the dropped executable.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
Commonly seen when code is injected into another process (process hollowing).