General
-
Target
868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788
-
Size
999KB
-
Sample
221127-s9k5yadc8x
-
MD5
6a64f58c435d14c0321158f786e9f678
-
SHA1
569ac424bfc990ae89befdb160eaaf2eb00ac630
-
SHA256
868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788
-
SHA512
ea93c57fb06fe229a402ad90d03354faf648a501de467c148bbdaa48ad9663a8c6c6103ec2f3db367014e1e693ea9087f7bd168b4f0cfbe240d9060701ed3dad
-
SSDEEP
24576:Xtb20pkaCqT5TBWgNQ7axv9i3d/soW6A:UVg5tQ7axI3eP5
Static task
static1
Behavioral task
behavioral1
Sample
868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HaCkEd
njrat-serv.ddns.net:1177
a2b2eed38adf2ef6969163ed40a2f666
-
reg_key
a2b2eed38adf2ef6969163ed40a2f666
-
splitter
|'|'|
Targets
-
-
Target
868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-