General
Target: Private_Checker_2023_0.rar
Size: 10.3MB
Sample: 230313-xhcfyadf9v
MD5: 4c66493ac2c4d18556d8f291b8e7830c
SHA1: ecf40bf886d700b86b711681d80c14709dd6ec03
SHA256: 13541e746cdf54a9dd39886962d240d55407a28a1fb8d879d4135dfd4eb45980
SHA512: 1d1177cb14a20cd564a4965fc6eefefbf867d90b06ac255169d23fda8d827c2162afbdc76401a9d26816e1a61cd20ad4b59f437aab85d4e68925e63d0ae97773
SSDEEP: 196608:ugEdki/JvzDQA6AMp67h26VR31SViJ2IBRlWflXo8VdCd0kFhW:BEOid/PbM6D31miJ2SR5kUd0L
Static task: static1
Behavioral task: behavioral1
  Sample: Run.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Run.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
5.78.41.13:5552
b5ca8b9665cede5b2e58d62e76894940
reg_key: b5ca8b9665cede5b2e58d62e76894940
splitter: |'|'|
Targets
Target: Run.exe
Size: 10.3MB
MD5: 1148891f082d24c6f0be9800d05c01c8
SHA1: 1d053080ab81e15aa76466e98d4d4c34a0ed517d
SHA256: e640e55651b30981ff9b93e3183c30dbcf45b8ca8ebb5b981c6d08aad85269db
SHA512: 2563fe9dd9e18df629480a34f70a6b8bebf185e447d090e81632ad1da26f7a446960ef0ca2fdd833b5d5d14e85384320b494c4c46347c0268f5ace7d3cd6a92b
SSDEEP: 196608:u5AHwrNX93+Gko1UbNhGHW3lidswAPq+ZQxu40bItwMtjqS6yu2gfYqBJ:GmGkoYiRCnq+ZQ6bItXtwyu2AYq
Score: 10/10
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.