General
-
Target
Server.exe
-
Size
37KB
-
Sample
230206-wn94qafb89
-
MD5
77a061d54196511fb985ad08f61b4681
-
SHA1
e783b16bf42144aac4acf441fce87415e0dca275
-
SHA256
02175550330b76de111ae886a542242298c5b50b26f5d49a520fbe1481e52aab
-
SHA512
0292ebd71c561c6ad5ed841ba63e85b4606fd8c612eeb6d925a4e66933da19b3241569c3ce21b6451cf7eced02b0dea8e6893b2511ed041fdaf141052d9c3086
-
SSDEEP
384:calayyaik9hkdTnNiybYT81PRsc4jWj7rAF+rMRTyN/0L+EcoinblneHQM3epzX6:NgyCxNxbYT81y1WHrM+rMRa8Nu4Bt
Malware Config
Extracted
njrat
im523
HacKed
considered-arrest.at.ply.gg:19159
8b1b4ed3028d60637b47ebe2ea5ce8d7
-
reg_key
8b1b4ed3028d60637b47ebe2ea5ce8d7
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-