General
-
Target
4c2d57d34e69887b905ac39fbb58d736.exe
-
Size
199KB
-
Sample
230317-at2tmsde49
-
MD5
4c2d57d34e69887b905ac39fbb58d736
-
SHA1
a35b9371a42a87a814dd68ff9db30f6e1e95a008
-
SHA256
75e794dd1ddfe6d2585dc9031c32fa1c27515d08476d7d2dd52dd650bfbb934d
-
SHA512
42690607f291369b3231d9fcf2e885670eb34d81fc8e8b20236c1f5fa80f30dbefc3f4cfae9481c71cd04c89952131b521e57aad46e2eef3cfb90e75464a84f3
-
SSDEEP
3072:VRs0YSY6FGHBu/84ozP1a4HjQPp4UgcaaeN3AxB3qRrvCG2KSWFPQ4pn1iqZyt:L4HY/8aOj44UVD0Qx5qX2KxFPQsn1NZO
Static task
static1
Behavioral task
behavioral1
Sample
4c2d57d34e69887b905ac39fbb58d736.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
Zm9ycnV4eC5kZG5zLm5ldAStrikStrik:OTA5MA==
30bf20a7c4c21398efee41949036ac7b
-
reg_key
30bf20a7c4c21398efee41949036ac7b
-
splitter
|'|'|
Targets
-
-
Target
4c2d57d34e69887b905ac39fbb58d736.exe
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-