General
-
Target
98ee71b0a06c4e3b3d83889129b45330.exe
-
Size
1.6MB
-
Sample
230318-wza4rsdc45
-
MD5
98ee71b0a06c4e3b3d83889129b45330
-
SHA1
7dba5c789bd3bf963fd6be44112b1f90f8f90ba1
-
SHA256
3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc
-
SHA512
2ad67b315160d449df03050192650e3f6c5248db3b96c621ea89f782d7b38b58e8544d8a872a8704d0bccae61cfc443d65b9d6c67bf2d120779bad20405bf9b6
-
SSDEEP
49152:LrwuLv0LO0GwEKfUNlek/R7e748ilgoVSdtlccobm:HNj8jG5Kfye748ilfgrlcc
Static task
static1
Behavioral task
behavioral1
Sample
98ee71b0a06c4e3b3d83889129b45330.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
v2.0
HacKed
should-conjunction.at.ply.gg:29414
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-