General
Target: 52a7c3a95c263d495d5d45cbc52eedfd797ae2e6ab9627332c1abbf974f297fd
Size: 584KB
Sample: 221126-xmpxtsba2s
MD5: 9e1c70e7770ca64967f73b879df6c7ca
SHA1: df4df04598e45b4f5ea4169f46b4681dc0eada3d
SHA256: 52a7c3a95c263d495d5d45cbc52eedfd797ae2e6ab9627332c1abbf974f297fd
SHA512: 6c181ceae4501eca04acec0fb3e4573f5a4e250c6448e873ebdf7614c38b055c22558ee929a33e06de426d3593cd6b70a98f7849c1367b5c1bf98bc9c834b686
SSDEEP: 12288:Jat0EAH49n8BXUkq8xGc55FnU1zRu14+2J1WJeJ+zHn1cS5eS7lU2HzFqs/Fu3:4t24/kqU5M1zx/WJSOn1c3OXzFq1
Static task: static1
Behavioral task: behavioral1
Sample: 52a7c3a95c263d495d5d45cbc52eedfd797ae2e6ab9627332c1abbf974f297fd.exe
Resource: win7-20220901-en
Malware Config
Extracted
njrat
0.6.4
100
vantora.no-ip.biz:4700
f3fd317a99c802aeb53d1d3eff0f6056
reg_key: f3fd317a99c802aeb53d1d3eff0f6056
splitter: |'|'|
Targets
Target: 52a7c3a95c263d495d5d45cbc52eedfd797ae2e6ab9627332c1abbf974f297fd
Size: 584KB
MD5: 9e1c70e7770ca64967f73b879df6c7ca
SHA1: df4df04598e45b4f5ea4169f46b4681dc0eada3d
SHA256: 52a7c3a95c263d495d5d45cbc52eedfd797ae2e6ab9627332c1abbf974f297fd
SHA512: 6c181ceae4501eca04acec0fb3e4573f5a4e250c6448e873ebdf7614c38b055c22558ee929a33e06de426d3593cd6b70a98f7849c1367b5c1bf98bc9c834b686
SSDEEP: 12288:Jat0EAH49n8BXUkq8xGc55FnU1zRu14+2J1WJeJ+zHn1cS5eS7lU2HzFqs/Fu3:4t24/kqU5M1zx/WJSOn1c3OXzFq1

- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext