General
-
Target
2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2
-
Size
19KB
-
Sample
221204-s6kd8sce77
-
MD5
1b2f439fa72d529f7566399ee1f37f50
-
SHA1
78366821e311104f1e6c994b659d7e0469076bed
-
SHA256
2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2
-
SHA512
5bcfe0dbaf5c0d869d8e9d1d10199006b2a82c3779d7ae1ee3f99f0d427ffdb534df39b2765e31146e9f273fd808d003a7ee29ab1961f3517f89f77540b0dd33
-
SSDEEP
384:XSnwCNMB4mmK0Nd02ax4yfG1uJKTzg0kkp:invNMD0d0z4yfG1chkp
Static task
static1
Behavioral task
behavioral1
Sample
2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
AhMeD
a3b4.no-ip.org:1188
d5a38e9b5f206c41f8851bf04a251d26
-
reg_key
d5a38e9b5f206c41f8851bf04a251d26
-
splitter
|'|'|
Targets
-
-
Target
2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-