General
Target: 2f0e0aeb71609514832d6e80783518eb0efedaf52fe6abdc9f47270e91b6a33f
Size: 710KB
Sample: 221126-qmwbaafd48
MD5: 1d1f0520530466ef7dfb1b7bfef3e589
SHA1: 41dc772cd170d40279ad7347837bf7a6ec2d3ee2
SHA256: 2f0e0aeb71609514832d6e80783518eb0efedaf52fe6abdc9f47270e91b6a33f
SHA512: 88ed865d725e6c436fd80a77f8bfcf108a77095f078c0b8f711b8de0782dacaecb5c727729d5e927b4433517516ef5c33927e2f11505931de49d59afe4dad840
SSDEEP: 12288:oH7Wcjdc/r2sxxiPGGAOOPSXDV8ClgVYhX5FSsf8QuP2rX:obCj2sObHtqQ4Qu+z
Static task
static1
Behavioral task
behavioral1
Sample
2f0e0aeb71609514832d6e80783518eb0efedaf52fe6abdc9f47270e91b6a33f.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.7d
Bot
smuktnet.ddns.net:5552
d5bf5ee18952025404f8d39dc09f66a5
-
reg_key
d5bf5ee18952025404f8d39dc09f66a5
-
splitter
|'|'|
Targets
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-