General

Target: 0433ac9a71c40aa8dfb73918c8cf7b813f15a9d648a736517b9f2717eaf40bd6
Size: 68KB
Sample: 221128-hbhbaace58
MD5: 9de18ddf68db554abf12d82b38dc07b7
SHA1: 1a7d6f51246ed88524059e02581335de89a25f25
SHA256: 0433ac9a71c40aa8dfb73918c8cf7b813f15a9d648a736517b9f2717eaf40bd6
SHA512: 25e743b4d047e53e8e973a5a4cace6a4e74638f469c73ad1dfbbfeefa368490b0828050d701caefb717d871c5098db6a67134ba0a0b122991ff6c89a98ea3e26
SSDEEP: 768:fXoCQm8IwSP9liYsI1AimKgaRAWhCnsXfCc5yl876TUCTc:/pN1wu9jV1AimK9AWInW6TUp
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 0433ac9a71c40aa8dfb73918c8cf7b813f15a9d648a736517b9f2717eaf40bd6.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0433ac9a71c40aa8dfb73918c8cf7b813f15a9d648a736517b9f2717eaf40bd6.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: njrat
Version: 0.7d
Botnet/campaign name: Special
C2: eagle-eye.cable-modem.org:962
(unlabelled value in report): 7c3640013836284efb17512c6b183a26
reg_key: 7c3640013836284efb17512c6b183a26
splitter: |'|'|
Targets

Target: 0433ac9a71c40aa8dfb73918c8cf7b813f15a9d648a736517b9f2717eaf40bd6
Score: 10/10

Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext