General
Target: a7c0c2333b7e07057647b6dcc1d0d5ac.exe
Size: 95KB
Sample: 230207-a1rx1sbh3v
MD5: a7c0c2333b7e07057647b6dcc1d0d5ac
SHA1: d8f3b54f4586ac682a013650f4350b4c9a9955a7
SHA256: b81f300ef1dfaa7f5c3d2bc0fa57a5bd74537eccfea550ddf44be4a30c39714e
SHA512: 3c3c589896c3fc98165b56dcb5c02344c228ce023e9fc0b4da8bd21a7be78c081b1a5676067d7a279772ac99aa4e00144eb5abc12632f1a2afc3e60c271b62c2
SSDEEP: 1536:6pvTI4X0UkJ2fe8o2VLWjOnZvU6l2MBnlLn/aaAqMnjkP:6pvE4uJ2Q2kFOZhZP
Static task: static1
Behavioral task: behavioral1
Sample: a7c0c2333b7e07057647b6dcc1d0d5ac.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: a7c0c2333b7e07057647b6dcc1d0d5ac.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
gololosd.ddns.net:9090
151fd47f794ef2318b946b794bcd6603
reg_key: 151fd47f794ef2318b946b794bcd6603
splitter: |'|'|
Targets
Target: a7c0c2333b7e07057647b6dcc1d0d5ac.exe
Score: 10/10
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application