General
Target: 14e7527286628b9a3db838dcb20e96a56f5d9bedbe38b6b06fc3caf7b2ea3eb6
Size: 10KB
Sample: 221126-vgpc1ahh98
MD5: 37902d644ff9f4a8e0941d0a2099a7fc
SHA1: ec902a42d2030ab17d273bc8369d8e2eaee84ebb
SHA256: 14e7527286628b9a3db838dcb20e96a56f5d9bedbe38b6b06fc3caf7b2ea3eb6
SHA512: aae032538ebc0ff8c0b9265f818e0f73db23863f5c4b43acb9a363317b191830e76eff7ce65199d8690092b68025f4aa0597647a4a78c3ef58e8cbd0292ddabd
SSDEEP: 192:p26qcDE3ddJ7z593GqsR1IzMrzF5DGcSkQ70mM3NT/gTTAtABglRvKmY:U6qckddBLkR+zMvGOFdbgsA6RvKmY
Behavioral task: behavioral1
Sample: onling.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: onling.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
dofus
volkov2014.ddns.net:123
3634b8c969047b1aa244e63e9c21a96a
reg_key: 3634b8c969047b1aa244e63e9c21a96a
splitter: |'|'|
Targets
Target: onling.exe
Size: 23KB
MD5: e49ba092469c2d5813bdf3259050f977
SHA1: 1d65cb5388cfc4ae2f91531e8dcb3b1caa598076
SHA256: 8eb3eb1266c7ec59095e1391ec473eda426303e773ff4f595d9a5e2affb37d3a
SHA512: 5463a3704d9339db4a2c7fe2d77000eb1c37a35ecb8fcca2ce89fede49e7390af93a00c306c177bb76cbe4d06ab212009605d38e3f8cc3546eb3057220b81a14
SSDEEP: 384:4+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZNc:nm+71d5XRpcnu5
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application