General
-
Target
9bd626994cd735b87e16373579f887dd8f17ee955a7cfc7a5840420bc9724492
-
Size
11KB
-
Sample
221126-kl4ndaab4x
-
MD5
8c9224715516df79631e045d204605f5
-
SHA1
32b4e1ab5c83e96d08dd599ed8d0f1ba388e7be3
-
SHA256
9bd626994cd735b87e16373579f887dd8f17ee955a7cfc7a5840420bc9724492
-
SHA512
8d6fdee6a1802fc94e47d2e246ab76bffc3980a0217d1fc6de277ca3d6256db0346554c56fcbe3f62a94ad758c9547edf3486c53350f93c3c9795200a31c0c18
-
SSDEEP
192:gOYVidOJYx4oJgn26r4GkFDXiRNDvYBm9QF2k7b2iAjIDc6aK:gv8m8jJI+aFvYBmh4b2i53aK
Behavioral task
behavioral1
Sample
Users/win7/Desktop/Server.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Users/win7/Desktop/Server.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
hacke
yusifhacker123.no-ip.biz:5552
b5fa757354bbe4709ff7d91d5edc7795
-
reg_key
b5fa757354bbe4709ff7d91d5edc7795
-
splitter
|'|'|
Targets
-
-
Target
Users/win7/Desktop/Server.exe
-
Size
23KB
-
MD5
7195a553b760af0b64a685f8dea1900d
-
SHA1
6c50a8f5357135e7f738664bf633e8bbc2cbeee8
-
SHA256
918262180108f962670a5b413a00e8ff193fe50873a176f68241960dc62480d4
-
SHA512
d67c1a715182dfc4945a210e64a305f02b227d78adf5731601bb774ed62fe9b91b547ad2a8f9fd4d331ccba1d347590cb8812b2e9af83b785925e59ca3e616f9
-
SSDEEP
384:E4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZ4dJ:GOaxVULRpcnut
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-