General
-
Target
978c51766ca4c44d313f83b92ca410f047d20440a4db3e82e8d85d3940625ea6
-
Size
23KB
-
Sample
221128-xxz6jsab34
-
MD5
fd6628ccb31e6aff3f6b8324a62ec351
-
SHA1
f5f0825e5ae10737580a31226b856d794990cbb0
-
SHA256
978c51766ca4c44d313f83b92ca410f047d20440a4db3e82e8d85d3940625ea6
-
SHA512
37855fa7d46b02c59736f4a7c1901bc05a85a8303f5f2cda4e6f76f927dbfe94172890b43921e4580175b6a9345ecb394ffed02538e9d416050cb58dd9b3cc24
-
SSDEEP
384:CQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZbp:d5yBVd7RpcnuK
Behavioral task
behavioral1
Sample
978c51766ca4c44d313f83b92ca410f047d20440a4db3e82e8d85d3940625ea6.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
978c51766ca4c44d313f83b92ca410f047d20440a4db3e82e8d85d3940625ea6.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
njrat
0.7d
HacKed
ahmedhoba.publicvm.com:1177
a629fde8a51b5b06ca80c5e22869f744
-
reg_key
a629fde8a51b5b06ca80c5e22869f744
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-