General
-
Target
533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20
-
Size
474KB
-
Sample
221130-twp3eaab61
-
MD5
aa6b20b8eb7cd91e35570f32de56cdd9
-
SHA1
422298e0c103218cea13d9d4fd54108e0ce95a5f
-
SHA256
533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20
-
SHA512
0cb750429a3653bbba1c42a5f46f824582ac5e81053aba1ea1411e88cb1687423a16d07891feb53da6544d7e3a60f38f019045d8d34d32db7ed477503017373a
-
SSDEEP
6144:dyoSa8koKuXg+50V8xOwcFl3E37lsuvqodQYyJ:dUabohyV8xOwcHU37euSe
Static task
static1
Behavioral task
behavioral1
Sample
533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
Hacked By HiDDen PerSOn
f271907620892e23e0670e3ebb701d01
-
reg_key
f271907620892e23e0670e3ebb701d01
Targets
-
-
Target
533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-