General
-
Target
2fd0e5f074ac1797378039bfd9aa2783.exe
-
Size
37KB
-
Sample
221201-skmbpsed9y
-
MD5
2fd0e5f074ac1797378039bfd9aa2783
-
SHA1
260a02c1aab33a643f549706d0e41b98583c4c80
-
SHA256
c46660f4c6006b2d4fbb1f6b651da9c20895c9acbbf498a506365aca36ab9823
-
SHA512
40af1e03eaf180a51a885160d702997dc675fa66a20608afc582fa0c576d34565d843b582f7f63beb2297c4d55b53006a50c7aaadeb8380b5a02c8459477e2ba
-
SSDEEP
384:HmqaSikHkvmkO8IV+ytbNNOvNEsuKv2rAF+rMRTyN/0L+EcoinblneHQM3epzXQg:G1IV1tbNNO2lK+rM+rMRa8Numgt
Behavioral task
behavioral1
Sample
2fd0e5f074ac1797378039bfd9aa2783.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
2fd0e5f074ac1797378039bfd9aa2783.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
im523
Dibil
0.tcp.eu.ngrok.io:18648
ab0232858746b083a3ee8bc3e01cc315
-
reg_key
ab0232858746b083a3ee8bc3e01cc315
-
splitter
|'|'|
Targets
-
-
Target
2fd0e5f074ac1797378039bfd9aa2783.exe
-
Size
37KB
-
MD5
2fd0e5f074ac1797378039bfd9aa2783
-
SHA1
260a02c1aab33a643f549706d0e41b98583c4c80
-
SHA256
c46660f4c6006b2d4fbb1f6b651da9c20895c9acbbf498a506365aca36ab9823
-
SHA512
40af1e03eaf180a51a885160d702997dc675fa66a20608afc582fa0c576d34565d843b582f7f63beb2297c4d55b53006a50c7aaadeb8380b5a02c8459477e2ba
-
SSDEEP
384:HmqaSikHkvmkO8IV+ytbNNOvNEsuKv2rAF+rMRTyN/0L+EcoinblneHQM3epzXQg:G1IV1tbNNO2lK+rM+rMRa8Numgt
Score10/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-