General
Target: bK5A.exe
Size: 23KB
Sample: 230316-hze6tsbh6v
MD5: a55ad693e9909eab198f2f873939ba6f
SHA1: 28af68d8abcecf08c677449892ca5434a73ccb9f
SHA256: 27d7942099c932c0091ae518341193d28d06ac7b5efe0b548499be25217f046f
SHA512: 5ce2be5c0363d4e051c20e33f7bee8314d477fcb8348a760147ef5021112aa526ae8ed7e4e23c70e9b54808a6fdad64cfba058e5342f39a1908f220a1ed08f2f
SSDEEP: 384:H+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZbP:gm+71d5XRpcnuo
Behavioral task: behavioral1
Sample: bK5A.exe
Resource: win7-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
7.tcp.eu.ngrok.io:10930
9e1d76f980dcbeb3169aabd93be87618
reg_key: 9e1d76f980dcbeb3169aabd93be87618
splitter: |'|'|
Targets
Target: bK5A.exe
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2