General
-
Target
089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1
-
Size
2.3MB
-
Sample
221126-tsvhqabc4t
-
MD5
686df444b5aba01a73b427ce6e1457ae
-
SHA1
0c8fbdfa9f81585f0a7752ad0175ddb317bb24d7
-
SHA256
089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1
-
SHA512
159e766a9f8a673f5964c9f27654c0833d2a9162bc53e070351e932206c3a962937b12835efa556e06de48e43924da2903ff83dca6514fe3df2fe0db121e9ec0
-
SSDEEP
24576:pwYZ4kGOYTnTDolUaNcTkkD9iSe87AAFmHs205LvLTV:uYpYTTDoXNcVoSe87FFmHB05Lv
Static task
static1
Behavioral task
behavioral1
Sample
089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
Resource
win7-20221111-en
Malware Config
Extracted
njrat
0.7d
victime
achiille1607b.no-ip.biz:1177
4d8f1dc021f465efab135a3c3a22d781
-
reg_key
4d8f1dc021f465efab135a3c3a22d781
-
splitter
|'|'|
Targets
-
-
Target
089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-