General
-
Target
aa80cae810711ca0ea258de9653d3a69443487d7200524b04bdf79e935030d05
-
Size
23KB
-
Sample
221126-kme2eaab5x
-
MD5
2dabbfd1154063c634a02088245ab38a
-
SHA1
d6d7fdbac909031163abc5efddb65a6d2cd19f8b
-
SHA256
aa80cae810711ca0ea258de9653d3a69443487d7200524b04bdf79e935030d05
-
SHA512
d98810798aca00cb7c5d4b464324cc3c7a16cf2e064e708ffdbaad919f8f015b4b6565d45074205fb8bd634fdf956916c7c5c01e98d62f3386bc8a55f256cc2f
-
SSDEEP
384:cluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZN2:LOmhtIiRpcnuz
Behavioral task
behavioral1
Sample
aa80cae810711ca0ea258de9653d3a69443487d7200524b04bdf79e935030d05.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
aa80cae810711ca0ea258de9653d3a69443487d7200524b04bdf79e935030d05.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
b93aa3e84ec38700c903e58a4a356f51
-
reg_key
b93aa3e84ec38700c903e58a4a356f51
-
splitter
|'|'|
Targets
-
-
Target
aa80cae810711ca0ea258de9653d3a69443487d7200524b04bdf79e935030d05
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-