General
-
Target
0efe76d519e4e0ca5ee6175f0f2b2f55de852f5e4a0f4d90e5d803935de6281b
-
Size
5.3MB
-
Sample
221130-pqletade8x
-
MD5
0cee40a957d4d7cdd931e6ffa3f1cc3e
-
SHA1
7fcee605eae4e58d22573011bb8c1c356ae60021
-
SHA256
0efe76d519e4e0ca5ee6175f0f2b2f55de852f5e4a0f4d90e5d803935de6281b
-
SHA512
959e38948a870d4e8d885925636d2abf69328ce3bb74efa773d7f190fd6100bdf4fe4efda6f2c48d298d00c4f2da391ed18de1957bf51635c2eafe1a6e44b044
-
SSDEEP
98304:t1ly+LA79RFCTsyctUqInmyG96Tn7y4EuH6SxNBFa5JFYRsd6WfW6:t1lT8HFYsr/FJ96CtuHjNBEzYRT
Behavioral task
behavioral1
Sample
0efe76d519e4e0ca5ee6175f0f2b2f55de852f5e4a0f4d90e5d803935de6281b.exe
Resource
win7-20221111-en
Malware Config
Extracted
njrat
0.7d
HacKed
gingles.dynu.net:1606
60dee62e3e35c6dd6f151a7b7086dc91
-
reg_key
60dee62e3e35c6dd6f151a7b7086dc91
-
splitter
|'|'|
Targets
-
-
Target
0efe76d519e4e0ca5ee6175f0f2b2f55de852f5e4a0f4d90e5d803935de6281b
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-