General
-
Target
0x0009000000012314-63.dat
-
Size
78KB
-
Sample
230206-h12ffsfh4z
-
MD5
2c3dfd707a71a723aada2ab5cb4485d6
-
SHA1
41357a94ad63b2f6bbe4f4f0a069d6f22a125369
-
SHA256
1ba26b7fefc227463accb9d479889d17439b7de392d09722d271641acf24b23f
-
SHA512
fe6e219e3efb0c8e0ee3a77d5dc198a43df605e9859bf5a1b41dbd8cfae929d9c684025676b80c8f5438e3e4de1d1b9a0a78bf5c5fd2005763e8d254425dcb19
-
SSDEEP
1536:If+qHADbDpKS5wpOk3JCK6pFo2/e6fOpd/9nEh9TGnJUR:WQwpOk5CK6pO/9ESnJU
Behavioral task
behavioral1
Sample
0x0009000000012314-63.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0x0009000000012314-63.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7.3
Exploited++
salesxpert.duckdns.org:2889
windows.exe
-
reg_key
windows.exe
-
splitter
mnbvcxz12
Targets
-
-
Target
0x0009000000012314-63.dat
-
Size
78KB
-
MD5
2c3dfd707a71a723aada2ab5cb4485d6
-
SHA1
41357a94ad63b2f6bbe4f4f0a069d6f22a125369
-
SHA256
1ba26b7fefc227463accb9d479889d17439b7de392d09722d271641acf24b23f
-
SHA512
fe6e219e3efb0c8e0ee3a77d5dc198a43df605e9859bf5a1b41dbd8cfae929d9c684025676b80c8f5438e3e4de1d1b9a0a78bf5c5fd2005763e8d254425dcb19
-
SSDEEP
1536:If+qHADbDpKS5wpOk3JCK6pFo2/e6fOpd/9nEh9TGnJUR:WQwpOk5CK6pO/9ESnJU
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-