General
-
Target
3c1cb358f762ea9dc3b8311eef095f29ba86ee0ff2b5fcfbf4c4a1b7fdde9b7c
-
Size
605KB
-
Sample
221128-x7y18sfa4s
-
MD5
fcfd5b6a28018bbea1f46f7a64bdecb9
-
SHA1
ba44d09165b2eb7b5b30504a89aab62d77aa7cb4
-
SHA256
3c1cb358f762ea9dc3b8311eef095f29ba86ee0ff2b5fcfbf4c4a1b7fdde9b7c
-
SHA512
7a25db32d77d87c92dd30deabfdb1a4ca2a427cf1ba52c7572f66cf056fcf4812c555bf62728395b07a3e90a5bbb274173ad67b64615a5d24bada59f36ad120a
-
SSDEEP
12288:dY20AljdZgBPfKfhPnnSOM/wsu3Lm2ERllI8FWv6:y20gPgFKJPnnRM/wxm2i/9
Static task
static1
Behavioral task
behavioral1
Sample
3c1cb358f762ea9dc3b8311eef095f29ba86ee0ff2b5fcfbf4c4a1b7fdde9b7c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3c1cb358f762ea9dc3b8311eef095f29ba86ee0ff2b5fcfbf4c4a1b7fdde9b7c.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.6.4
HacKed
heroznt1.no-ip.biz:5552
d086ab557c53d3172de69a455249ad37
-
reg_key
d086ab557c53d3172de69a455249ad37
-
splitter
|'|'|
Targets
-
-
Target
3c1cb358f762ea9dc3b8311eef095f29ba86ee0ff2b5fcfbf4c4a1b7fdde9b7c
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-