General
Target: 0ca46809803efa80c85e98086320c7a0c433cc73bc9ede372e566a14f426b9df
Size: 248KB
Sample: 221127-wpxj1sgd42
MD5: 8432935b64ef23c0c07720f1142ffd93
SHA1: 1f22b05be3855a7a66cf59cc2958277a2a23f925
SHA256: 0ca46809803efa80c85e98086320c7a0c433cc73bc9ede372e566a14f426b9df
SHA512: feb256e675739097f5cca45524159b0b16294d885a0fc56cb8385bd3540ed58060396eb3b39e0761a4a80faddcfa97afd386ea8a08957d2ecdd5d845c1c2f2ec
SSDEEP: 3072:4k2t7jYmwrtGHESwzd5XmXm1656cKWK1mrFlao6Tw2C6NHZtl4o3nb9Bb1qle/jQ:mtnKGkaXC6563WKsvlawX6RZ1BDiEC
Static task: static1
Behavioral task: behavioral1
  Sample: 0ca46809803efa80c85e98086320c7a0c433cc73bc9ede372e566a14f426b9df.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 0ca46809803efa80c85e98086320c7a0c433cc73bc9ede372e566a14f426b9df.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet (campaign name set in the builder): Hacker
C2: yayo.ddns.net:8899 (dynamic-DNS hostname; the IP it resolves to can change, so block or alert on the hostname rather than a single address)
Mutex: 760a31a51389e6dce4ab8e433bd27602 (this value carries no label on the page; it is identical to reg_key below)
reg_key: 760a31a51389e6dce4ab8e433bd27602
splitter: |'|'|
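The `splitter` value above is the field delimiter njRAT uses inside its C2 messages, which is why extractors report it alongside the C2 address. As an added example that is not part of this report and not njRAT's own code, the following decoder carves njRAT-style frames out of a TCP stream and splits each payload on that delimiter. It assumes the usual njRAT framing of an ASCII decimal length, a NUL byte, then the payload; the `build_frame`, `split_frames`, `maybe_base64` and `parse_payload` names and the sample frames are constructed for the example.

```python
# Added example (not from the report or from njRAT): decode njRAT-style frames
# using the "|'|'|" splitter from the extracted config.
# Assumption: a frame is "<ascii decimal length>\x00<payload>" and payload
# fields are joined with the splitter. Sample frames below are constructed.
import base64
import binascii
from typing import Dict, List, Tuple

SPLITTER = "|'|'|"          # value of `splitter` in the extracted config


def build_frame(payload: bytes) -> bytes:
    """Length-prefix a payload (assumed njRAT framing); used to build test traffic."""
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Carve complete frames out of a TCP stream buffer.

    Returns (payloads, leftover). A frame that has not fully arrived is left in
    `leftover` so the caller can append the next segment and call again.
    """
    frames: List[bytes] = []
    while True:
        nul = buf.find(b"\x00")
        if nul == -1:
            return frames, buf                  # no complete length prefix yet
        prefix = buf[:nul]
        if not prefix.isdigit():
            raise ValueError("malformed length prefix: %r" % prefix[:16])
        length = int(prefix)
        body_start = nul + 1
        if len(buf) - body_start < length:
            return frames, buf                  # partial frame, wait for more data
        frames.append(buf[body_start:body_start + length])
        buf = buf[body_start + length:]


def maybe_base64(field: str) -> str:
    """njRAT base64-encodes some free-text fields; decode only when it round-trips
    to printable UTF-8, otherwise return the field unchanged."""
    try:
        raw = base64.b64decode(field, validate=True)
    except (binascii.Error, ValueError):
        return field
    if base64.b64encode(raw).decode() != field:
        return field
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return field
    return text if text.isprintable() else field


def parse_payload(payload: bytes) -> Dict[str, object]:
    """Split a frame payload on the configured splitter into command + args."""
    fields = payload.decode("utf-8", errors="replace").split(SPLITTER)
    return {"command": fields[0], "args": [maybe_base64(f) for f in fields[1:]]}


if __name__ == "__main__":
    # Constructed stream: one complete frame plus the first bytes of a second one.
    stream = build_frame(b"ll|'|'|SGFja2Vy|'|'|WIN-SANDBOX") + build_frame(b"inf|'|'|x")[:5]
    frames, leftover = split_frames(stream)
    for f in frames:
        print(parse_payload(f))
    frames, leftover = split_frames(leftover + b"|'|'|x")   # rest of second frame arrives
    for f in frames:
        print(parse_payload(f))
```

Feeding the decoder a PCAP reassembled to port 8899 traffic for the C2 above would show the command mnemonic in each frame; the partial-frame handling matters because njRAT payloads (screenshots, file transfers) routinely span several TCP segments.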
Targets
Target: 0ca46809803efa80c85e98086320c7a0c433cc73bc9ede372e566a14f426b9df
Size: 248KB
MD5: 8432935b64ef23c0c07720f1142ffd93
SHA1: 1f22b05be3855a7a66cf59cc2958277a2a23f925
SHA256: 0ca46809803efa80c85e98086320c7a0c433cc73bc9ede372e566a14f426b9df
SHA512: feb256e675739097f5cca45524159b0b16294d885a0fc56cb8385bd3540ed58060396eb3b39e0761a4a80faddcfa97afd386ea8a08957d2ecdd5d845c1c2f2ec
SSDEEP: 3072:4k2t7jYmwrtGHESwzd5XmXm1656cKWK1mrFlao6Tw2C6NHZtl4o3nb9Bb1qle/jQ:mtnKGkaXC6563WKsvlawX6RZ1BDiEC
Score: 10/10
Signatures
- Executes dropped EXE
- Modifies Windows Firewall (the report lists only the signature; njRAT commonly whitelists its own binary with `netsh firewall add allowedprogram`, but the exact command is not shown here)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops startup file
- Adds Run key to start application (persistence; the `reg_key` value from the extracted config is the name njRAT normally uses for this Run entry, though the report does not show the full registry path)