General
-
Target
CAD9029745E1EACB7611A7DDB0CF9AB6DB06534C938FD.exe
-
Size
621KB
-
Sample
230318-lkwrtabg93
-
MD5
af0622cb4121f0d934f2461eb2eddd56
-
SHA1
4b194fe405215a036eb12f2dfcfb76e5548907d1
-
SHA256
cad9029745e1eacb7611a7ddb0cf9ab6db06534c938fd4f03f4092dc43b0ddf3
-
SHA512
70619e54f9e61f08573f64cd8d5cf04f13ddd8a1e62e5705571371d9becdb540c9e0d26998e2b5c1c211994d76a24be7b3b5ec521f4554a7c3618f50ad976849
-
SSDEEP
3072:JUBKGal/yFJUOIPo0Y/M4jj5E0M5hB8T1VVvy2nMiP1RvCa2fW/mzWS7+PuGP2Ps:JqEk/0F4j6htMBf
Static task
static1
Behavioral task
behavioral1
Sample
CAD9029745E1EACB7611A7DDB0CF9AB6DB06534C938FD.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
CAD9029745E1EACB7611A7DDB0CF9AB6DB06534C938FD.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
njrat
0.7d
HacKed
veprex.hopto.org:5552
83b7e568a26ebaedf41a9c3879a1e2a8
-
reg_key
83b7e568a26ebaedf41a9c3879a1e2a8
-
splitter
|'|'|
Targets
-
-
Target
CAD9029745E1EACB7611A7DDB0CF9AB6DB06534C938FD.exe
-
Size
621KB
-
MD5
af0622cb4121f0d934f2461eb2eddd56
-
SHA1
4b194fe405215a036eb12f2dfcfb76e5548907d1
-
SHA256
cad9029745e1eacb7611a7ddb0cf9ab6db06534c938fd4f03f4092dc43b0ddf3
-
SHA512
70619e54f9e61f08573f64cd8d5cf04f13ddd8a1e62e5705571371d9becdb540c9e0d26998e2b5c1c211994d76a24be7b3b5ec521f4554a7c3618f50ad976849
-
SSDEEP
3072:JUBKGal/yFJUOIPo0Y/M4jj5E0M5hB8T1VVvy2nMiP1RvCa2fW/mzWS7+PuGP2Ps:JqEk/0F4j6htMBf
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-