General
-
Target
abef5960fcda8c82d1fdbb291e7a9012.exe
-
Size
472KB
-
Sample
230131-klqfrahd4x
-
MD5
abef5960fcda8c82d1fdbb291e7a9012
-
SHA1
84e03cd48d7fec40753fc1226c88013f39bedcc0
-
SHA256
2ab90c3a95b4caa67473c8ac945ce0b69ae3b7d5778bd431214900812ab6fb3f
-
SHA512
10a92617477010bfb1550fdecc7f8dbd16b7debd6916b9c683e24931960f5aef1434f5346d1341c5bd77599267eee259e9f047565df32dc55a4be71302a5e515
-
SSDEEP
12288:u/N73EBM32LTQ9/hFou9SoUEZkmNlYX07i:u/N463oKrou/vZkmv3
Behavioral task
behavioral1
Sample
abef5960fcda8c82d1fdbb291e7a9012.exe
Resource
win7-20221111-en
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
HacK
0.tcp.in.ngrok.io:11408
f98d9d08ffb40400218be2d9b125d7d3
-
reg_key
f98d9d08ffb40400218be2d9b125d7d3
-
splitter
Y262SUCZ4UJJ
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-