General
-
Target
a26afc4b230cde67dec5e341aef0e90f
-
Size
4.5MB
-
Sample
230316-brvszsgc66
-
MD5
a26afc4b230cde67dec5e341aef0e90f
-
SHA1
f5a7a08bbd039184c3e89f4ea4ef5eeb392b5fa1
-
SHA256
567c4101aa7ad812b7bd42d87a5ba7d9c4f82dd7096daa7b079cfa70649dec2e
-
SHA512
06e71d53d1e0e0436be193f05c05c8896e9184bfc7db1842195452d34a8c9a59f26b38129a4216eb301c96e367babb8db7b1e50b2a258acc5f0d6c981db4621a
-
SSDEEP
98304:13KI5OVU8/GsW+exVVxHjkxuiCllBHr8wBY:8Q+Urt+eHVxHjqui+r8AY
Static task
static1
Behavioral task
behavioral1
Sample
a26afc4b230cde67dec5e341aef0e90f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a26afc4b230cde67dec5e341aef0e90f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
v4.0
HacKed
ecutuning.ddns.net:11560
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
a26afc4b230cde67dec5e341aef0e90f
-
Size
4.5MB
-
MD5
a26afc4b230cde67dec5e341aef0e90f
-
SHA1
f5a7a08bbd039184c3e89f4ea4ef5eeb392b5fa1
-
SHA256
567c4101aa7ad812b7bd42d87a5ba7d9c4f82dd7096daa7b079cfa70649dec2e
-
SHA512
06e71d53d1e0e0436be193f05c05c8896e9184bfc7db1842195452d34a8c9a59f26b38129a4216eb301c96e367babb8db7b1e50b2a258acc5f0d6c981db4621a
-
SSDEEP
98304:13KI5OVU8/GsW+exVVxHjkxuiCllBHr8wBY:8Q+Urt+eHVxHjqui+r8AY
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-