General
Target: 2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
Size: 2.5MB
Sample: 221126-r6b77abf32
MD5: faa0e44518d5f3aa9f72015e49291bc8
SHA1: ddc71817abc5d6ddfa3377e28e7cd1e87cdc0902
SHA256: 2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
SHA512: a594a4108fb16310310c56cb6bba665a75086aaec2aef2f45b709aefba0304807d0e73a705edf13ae68a8a4fdc79ce7473ac2f94b86f0be0c30d8f3566f3bf2b
SSDEEP: 49152:RN/JfNa7cQSmfn186ys9bUqDprVmGRTn:RZJfNa7cQSmfdprlRTn
Behavioral task: behavioral1
Sample: 2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: ضحايا علي سلام (Arabic, roughly "Ali Salam's victims")
C2: 127.0.0.1:5533
Mutex: 2b04263860ba57bc8c7050f703146a3a
reg_key: 2b04263860ba57bc8c7050f703146a3a
splitter: |'|'|
Note that the C2 host is the loopback address, so this build cannot reach an external controller from the sandbox; the mutex string is reused as the Run-key value name (reg_key), which is the usual njRAT pattern and gives one host indicator for both persistence and mutex hunting.
Targets
Target: 2d673b75815b3fddd5ee5a299e0411aef712e0f516e6892ad49eddc787c49aa9
Size: 2.5MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
  Consistent with the reg_key value in the extracted config, which njRAT uses as the name of its Run-key entry.
- Suspicious use of SetThreadContext
  A common indicator of code injection into another process, typically process hollowing of a freshly created process.