General
-
Target
e20b2e0c58b3cee7c99f724e38a7792daecf317a9f5d9ac2311d781cb7378a34
-
Size
244KB
-
Sample
221128-x7z9asba85
-
MD5
a5becfbab103cbd7f97a0cee39cf5cc2
-
SHA1
6f275eaa09869070a8316ea33789c1750f8f3f8b
-
SHA256
e20b2e0c58b3cee7c99f724e38a7792daecf317a9f5d9ac2311d781cb7378a34
-
SHA512
3dee4a1e25a79b55602ec9d99bddec541652dfff548eb23dedde1ecaf50984e56ab1f43ae18e60e168a048b13438501aecf0d88ad865bdf40a9e156381ffaf18
-
SSDEEP
6144:YWCXtw4+Q0K/L5ZnmnYSJ8+e0gSCdt68Rnc3VKm:f4+Z+VZnmnYSJ8+WSMPRnc39
Static task
static1
Behavioral task
behavioral1
Sample
libyana.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
libyana.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed
heroznt1.no-ip.biz:5552
d086ab557c53d3172de69a455249ad37
-
reg_key
d086ab557c53d3172de69a455249ad37
-
splitter
|'|'|
Targets
-
Target
libyana.exe
-
Size
605KB
-
MD5
fcfd5b6a28018bbea1f46f7a64bdecb9
-
SHA1
ba44d09165b2eb7b5b30504a89aab62d77aa7cb4
-
SHA256
3c1cb358f762ea9dc3b8311eef095f29ba86ee0ff2b5fcfbf4c4a1b7fdde9b7c
-
SHA512
7a25db32d77d87c92dd30deabfdb1a4ca2a427cf1ba52c7572f66cf056fcf4812c555bf62728395b07a3e90a5bbb274173ad67b64615a5d24bada59f36ad120a
-
SSDEEP
12288:dY20AljdZgBPfKfhPnnSOM/wsu3Lm2ERllI8FWv6:y20gPgFKJPnnRM/wxm2i/9
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-