General
-
Target
a4ce06d69cd23436729342c89905819e2a20040e0c661b8a02d4895e45e943c8
-
Size
156KB
-
Sample
221126-t1ataabg3y
-
MD5
36c57457c2c40668e92081f2dfbebdd2
-
SHA1
7413402da144374be19572798e14efe51e72a1cd
-
SHA256
a4ce06d69cd23436729342c89905819e2a20040e0c661b8a02d4895e45e943c8
-
SHA512
dab1faf27e8d91b253596d78836bc594a56354af0dbb3530f9fa4cc26194d6f4cfecd16e4911bc4dedf2cee9cf2a9ff38c2ecdc614a08cde7b37fc431fc06b11
-
SSDEEP
3072:Wp9ei9ELN8n4bS8Zl9QJKiFS+RRHlOHdflkRBmolz4wPG:Xi9v4bfL9QJxk+/kFmRf4
Static task
static1
Behavioral task
behavioral1
Sample
a4ce06d69cd23436729342c89905819e2a20040e0c661b8a02d4895e45e943c8.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a4ce06d69cd23436729342c89905819e2a20040e0c661b8a02d4895e45e943c8.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.6.4
new1
yourmain.no-ip.info:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
Target
a4ce06d69cd23436729342c89905819e2a20040e0c661b8a02d4895e45e943c8
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-