General
-
Target
d1a77f2295663286f942c95f625bf9b34738ee3416086f6986e1a2f0815ff4ab
-
Size
29KB
-
Sample
221205-fpbpjsgg22
-
MD5
6ec362d7580c472b2a3760eeb0a04b20
-
SHA1
e9b266174b130ec8bb1dc60789388dcb5dd91f82
-
SHA256
d1a77f2295663286f942c95f625bf9b34738ee3416086f6986e1a2f0815ff4ab
-
SHA512
82d2bc5f0bcfe5cd618981c6d615db1f56764b88dc4f6f3501d14125a8653cc2a015975a093f24d7f94abf8ce3dd5744b5309530d3d29f2cec351f9e0d91e282
-
SSDEEP
768:BK7ZW4Oakw1Bn33suViKeoBKh0p29SgRDy:BK78gc4iaKhG29jDy
Behavioral task
behavioral1
Sample
d1a77f2295663286f942c95f625bf9b34738ee3416086f6986e1a2f0815ff4ab.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
d1a77f2295663286f942c95f625bf9b34738ee3416086f6986e1a2f0815ff4ab.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.6.4
HacKed By The Rebel
127.0.0.1:1177
0cd4627c736ab78dd8a3da9e349233a7
-
reg_key
0cd4627c736ab78dd8a3da9e349233a7
-
splitter
|'|'|
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-