General
-
Target
d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
-
Size
240KB
-
Sample
221130-vpb3msce5x
-
MD5
b30fee632f6b18eb2ff5a49a4e5d7883
-
SHA1
550238b070088e906fa9ee2aa3477a1321498173
-
SHA256
d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
-
SHA512
28aae9d2412729144d757a489807cb8761abe5f0a93dd43ac3c41d6e03e8c5d67208feebcd421663fc794a26612e2554ed0f53ed583c45b1501e4e0748e8c826
-
SSDEEP
6144:de95/jDSDls2IN4vuSACO9yux887vyYlPEAOlfJO2EgFTuUB5aW:deyvKz92xhETUx
Behavioral task
behavioral1
Sample
d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c.exe
Resource
win7-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
279f6960ed84a752570aca7fb2dc1552
-
reg_key
279f6960ed84a752570aca7fb2dc1552
-
splitter
|'|'|
Targets
-
-
Target
d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-