General
-
Target
0242b77912d11030997cbf549f41a61c.exe
-
Size
37KB
-
Sample
221201-ld7whahg4w
-
MD5
0242b77912d11030997cbf549f41a61c
-
SHA1
d0fabf4bf6adff8f2ae3f827bf0a815fe00513cf
-
SHA256
d143d732effee86f0bc7a3862cfbc20b3ff1f0759aa997b7a8a3e5568fdd4337
-
SHA512
52d1b86eb23d6bca79c2752a3a5d43ac5617495a8b0a9d387492e8eef9a56067913ddb79b6dab7228bde473cdca9713d69d642f6b04eac52bbb6cd15e23c706c
-
SSDEEP
384:oalQmY98iM6caSGAZ0ytfBPGHlegiuIWnrAF+rMRTyN/0L+EcoinblneHQM3epzS:9QmGp2Z3tfBPGk9udrM+rMRa8NuW/t
Behavioral task
behavioral1
Sample
0242b77912d11030997cbf549f41a61c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
0242b77912d11030997cbf549f41a61c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
im523
Dibil
7.tcp.eu.ngrok.io:18097
7bb786d3a71613dbb1f2bee12d98405a
-
reg_key
7bb786d3a71613dbb1f2bee12d98405a
-
splitter
|'|'|
Targets
-
-
Target
0242b77912d11030997cbf549f41a61c.exe
-
Size
37KB
-
MD5
0242b77912d11030997cbf549f41a61c
-
SHA1
d0fabf4bf6adff8f2ae3f827bf0a815fe00513cf
-
SHA256
d143d732effee86f0bc7a3862cfbc20b3ff1f0759aa997b7a8a3e5568fdd4337
-
SHA512
52d1b86eb23d6bca79c2752a3a5d43ac5617495a8b0a9d387492e8eef9a56067913ddb79b6dab7228bde473cdca9713d69d642f6b04eac52bbb6cd15e23c706c
-
SSDEEP
384:oalQmY98iM6caSGAZ0ytfBPGHlegiuIWnrAF+rMRTyN/0L+EcoinblneHQM3epzS:9QmGp2Z3tfBPGk9udrM+rMRa8NuW/t
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-