General
-
Target
0ce8e23976298201accb8f85d6283730b86c53b23e597f8a81809eccf7b5aa60
-
Size
366KB
-
Sample
221126-vgh6zshh92
-
MD5
a14b4405f4f6bbdecd95dfe12f6a8fc3
-
SHA1
e05fa32c6b856ce97a6c72c522e3c344fdd387c3
-
SHA256
0ce8e23976298201accb8f85d6283730b86c53b23e597f8a81809eccf7b5aa60
-
SHA512
9f2af3a349ca33fd2f68476fa87cc50ce7143c653daee55e41fe9deb980d208b320c8baa1248a2af037a2d826a6e5d6e648d87110c51f7c0159dd52e991dfa90
-
SSDEEP
6144:CuNUGc+PIaSgm56pWiifTdy0v50Cb6Vku0XiPClM7NNnpy1NqX07rA7b:hJc+P6r5CWinMHCZgWNNnw1NqE7rC
Static task
static1
Behavioral task
behavioral1
Sample
0ce8e23976298201accb8f85d6283730b86c53b23e597f8a81809eccf7b5aa60.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0ce8e23976298201accb8f85d6283730b86c53b23e597f8a81809eccf7b5aa60.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.6.4
XxxRIEZOaaXXX
hasvan212.ddns.net:81
5f805e177fa7c673482c92c255460b67
-
reg_key
5f805e177fa7c673482c92c255460b67
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-