General
Target: 98ee71b0a06c4e3b3d83889129b45330.bin
Size: 1.6MB
Sample: 230320-bxec7adc3w
MD5: 7a04d65b7500a038fb8096f361ee3cde
SHA1: 95d1af96d6e02f5a60187c32a3dbc381166fcd9e
SHA256: 250c903f73ad31a3c17601ec4763bb81032f68f4670e53d52f33e703ef6fd335
SHA512: c0c338645467b1561735ea0869891cf8480f16857477852062c81a56e863fdb4e3c8930483d78183999a0c92a2a95868314738ca4d49adeccf2bc766bcedb8d3
SSDEEP: 49152:jYqVB/Kd5V7yS+sJLKajzIhSc/6AY8TQRlOK7:jTBYyOJLbzIzts+C
Static task: static1
Behavioral task: behavioral1
Sample: 3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc.exe
Resource: win7-20230220-en
Malware Config
Extracted
njrat
v2.0
HacKed
should-conjunction.at.ply.gg:29414
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: 3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc.exe
Size: 1.6MB
MD5: 98ee71b0a06c4e3b3d83889129b45330
SHA1: 7dba5c789bd3bf963fd6be44112b1f90f8f90ba1
SHA256: 3673256d2b15a3ddd656ce595b43b409b3e1c2a19df82cc34c03c3a4632aacfc
SHA512: 2ad67b315160d449df03050192650e3f6c5248db3b96c621ea89f782d7b38b58e8544d8a872a8704d0bccae61cfc443d65b9d6c67bf2d120779bad20405bf9b6
SSDEEP: 49152:LrwuLv0LO0GwEKfUNlek/R7e748ilgoVSdtlccobm:HNj8jG5Kfye748ilfgrlcc
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL