General
-
Target
e23d2c38f9950e240224323130432eb402990c609078ad23820450a3eff0c553
-
Size
23KB
-
Sample
221126-kmm21sab6x
-
MD5
74780f3763b7d5b363fef25920dbadb9
-
SHA1
8c6de60d4b88c9b5157acdd94e50d9495f45ceaf
-
SHA256
e23d2c38f9950e240224323130432eb402990c609078ad23820450a3eff0c553
-
SHA512
132363ced9472520f7a8a6bd7a362ba310a353ea60d108e8a26e8a780e0e47f57ba3f312bf403d9e5d96eaa92170fe254b96c8f7af99f6d8aded6e69780c42e2
-
SSDEEP
384:vcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZBu:030py6vhxaRpcnuD
Behavioral task
behavioral1
Sample
e23d2c38f9950e240224323130432eb402990c609078ad23820450a3eff0c553.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e23d2c38f9950e240224323130432eb402990c609078ad23820450a3eff0c553.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
fuzzyhf.duckdns.org:83
f5745fbc2df9d21e00fadcaa45b4b04a
-
reg_key
f5745fbc2df9d21e00fadcaa45b4b04a
-
splitter
|'|'|
Targets
-
-
Target
e23d2c38f9950e240224323130432eb402990c609078ad23820450a3eff0c553
-
Size
23KB
-
MD5
74780f3763b7d5b363fef25920dbadb9
-
SHA1
8c6de60d4b88c9b5157acdd94e50d9495f45ceaf
-
SHA256
e23d2c38f9950e240224323130432eb402990c609078ad23820450a3eff0c553
-
SHA512
132363ced9472520f7a8a6bd7a362ba310a353ea60d108e8a26e8a780e0e47f57ba3f312bf403d9e5d96eaa92170fe254b96c8f7af99f6d8aded6e69780c42e2
-
SSDEEP
384:vcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZBu:030py6vhxaRpcnuD
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-