General
Target: 539a1c84e8f25f54c520bbf48b4aab6b.exe
Size: 159KB
Sample: 221203-bc75rsec9w
MD5: 539a1c84e8f25f54c520bbf48b4aab6b
SHA1: 45872ded1cda755c5221958332e9863680b992e2
SHA256: 79c358be65277404a46eab5f2eaa0d2938a70ba55a2396c4957bddf7699b441f
SHA512: 98fd44c98796321528cddece682fc78fdd91b650da6fca6c4e976db4fecc7b775015868eb549c5d626a359e293930a55511026db2bed7a884b02279575eb0720
SSDEEP: 3072:HcXCfxe+yJJFy5K7u77HeoT1V0Qh634VHyaJl1lH5:8XCloqKO1hJl1lH5
Behavioral task: behavioral1
Sample: 539a1c84e8f25f54c520bbf48b4aab6b.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 539a1c84e8f25f54c520bbf48b4aab6b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
njrat
im523
HacKed
181.214.130.17:50100
0c829ad93254e4900c3b4ce264339d97
reg_key: 0c829ad93254e4900c3b4ce264339d97
splitter: |'|'|
Targets
Target: 539a1c84e8f25f54c520bbf48b4aab6b.exe
Score: 10/10
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.