General
-
Target
d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906.exe
-
Size
25KB
-
Sample
221130-tz34faad9y
-
MD5
201d32e0b19f59625d4152fa7a0c7f0d
-
SHA1
03f9109e046f6033f21d2c41fd461ed67fa4fa72
-
SHA256
d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906
-
SHA512
9a80ed2f607027962bae0fa2a019bea90472aefb499e3b7959688d815b321f18f755459a108bd8e377c7559edb2b578d3dc1e63d9d3a7a5bd698dad9c9380023
-
SSDEEP
768:6m3km2qDyTYCFk3eWJDUQWOcq3sFR8hlRh6Y:L3kmlu3MDUasHe+Y
Static task
static1
Behavioral task
behavioral1
Sample
d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906.exe
Resource
win7-20221111-en
Malware Config
Extracted
njrat
v4.0
HacKed
6.tcp.eu.ngrok.io:18644
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
Target
d46ffa62d8ee5a2aa48c6d731780bf3124199d94d3562b8b65560e91f970b906.exe
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-