General
-
Target
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f
-
Size
4.7MB
-
Sample
221128-qd3n1aef48
-
MD5
1cf6319445434ff3bf912ba624b56b2f
-
SHA1
c8cf1473082c3f046c2851c73f662585db706ee9
-
SHA256
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f
-
SHA512
47e9f20d6ab5a4d70255b0af31586e478de412a662c35f7398d3b0f96899ef50529d1e716362afc60fe1ea25ccd33fe0054d41aa254b50e0c502ab9510a46929
-
SSDEEP
98304:nRtl3HelZF7TFtX2/jGop3R6baTwlnzy2T6iELKJ2N3AG+vlD9yqJOW:RfOlZF77XknNRsFVT66AVATvV9h
Static task
static1
Behavioral task
behavioral1
Sample
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f.exe
Resource
win7-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
alaboo20.ddns.net:1177
997f3e18461eb88cd8dbaeae467eb195
-
reg_key
997f3e18461eb88cd8dbaeae467eb195
-
splitter
|'|'|
Targets
-
-
Target
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f
-
Size
4.7MB
-
MD5
1cf6319445434ff3bf912ba624b56b2f
-
SHA1
c8cf1473082c3f046c2851c73f662585db706ee9
-
SHA256
b94255f5ab14c67dd057e2c789c5d3ac526e25f9deaaf1e9b5462cc553f1f61f
-
SHA512
47e9f20d6ab5a4d70255b0af31586e478de412a662c35f7398d3b0f96899ef50529d1e716362afc60fe1ea25ccd33fe0054d41aa254b50e0c502ab9510a46929
-
SSDEEP
98304:nRtl3HelZF7TFtX2/jGop3R6baTwlnzy2T6iELKJ2N3AG+vlD9yqJOW:RfOlZF77XknNRsFVT66AVATvV9h
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Suspicious use of SetThreadContext
-