General
-
Target
d0f23b1856586944e7ae8e19c83b3a737c064fcd56783c8bfa0186813c4146c9
-
Size
23KB
-
Sample
221126-zsfbpagh9s
-
MD5
461a7812515ad071720214f8610db491
-
SHA1
cc49d3b68f7cba6f904a80cf0bcb45598c931ffc
-
SHA256
d0f23b1856586944e7ae8e19c83b3a737c064fcd56783c8bfa0186813c4146c9
-
SHA512
81d0d16f22955b2dd6176b03a89ff0f2f4055eb603cb0f733f5741432755e0e8178ec0312703f4f404deb7d61e127b212f16b433ba0f3bde6c7184244818ca6b
-
SSDEEP
384:ScqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZMRe:F30py6vhxaRpcnu6
Behavioral task
behavioral1
Sample
d0f23b1856586944e7ae8e19c83b3a737c064fcd56783c8bfa0186813c4146c9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d0f23b1856586944e7ae8e19c83b3a737c064fcd56783c8bfa0186813c4146c9.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
ViC
adelame.no-ip.biz:1607
7824fc81dc33eff15e8eb4a8c62346f9
-
reg_key
7824fc81dc33eff15e8eb4a8c62346f9
-
splitter
|'|'|
Targets
-
-
Target
d0f23b1856586944e7ae8e19c83b3a737c064fcd56783c8bfa0186813c4146c9
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-