General
- Target: FINANCIALS.pdf.lnk
- Size: 1KB
- Sample: 221207-n3gfysea57
- MD5: 0e6da63c0a779ecaf78c87780bfa24f8
- SHA1: d94c0a6eb06c4996cacb56559516fb0e469605ac
- SHA256: c9515781559e19f50bc3bee9a6120b1a2f68976c8915653e7538ca26b0cad8c5
- SHA512: 16cbaf69b63fd7ea638d1bc20d4bab1898cbabd4387c8b8d0dd6ce1d2cd2f00186f653613cef9d31559e8afcae38eee1a3bea354862b0ba7bf67c3f4d6311499
Static task: static1
Behavioral task: behavioral1
Sample: FINANCIALS.pdf.lnk
Resource: win7-20220812-en
Malware Config
Extracted
njrat
0.7d
NOV18
172.241.29.150:4848
4a4dfaf1c1d7b82a2898b4d660a57fc4
- reg_key: 4a4dfaf1c1d7b82a2898b4d660a57fc4
- splitter: |'|'|
Targets
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext