General
-
Target
123acf74540b652a549c5d664b627663.bin
-
Size
34KB
-
Sample
230321-bc4gksaa81
-
MD5
fccdcfd62913eda3ec2829e9d1d9bd5d
-
SHA1
b7979904e4915c0897e7b8d03208241defb8b627
-
SHA256
67f59214bb644115f11242a0b92a8ab08d2c9553b48fca7a4834d157eb04a074
-
SHA512
d48787b80adcec81967c937ea7432ad19483330edf16426fcbe830f3fd64ade6939e5beb21c9956394c750b45d477b7ff1c2b347df69c537ff7aeec38d111fc8
-
SSDEEP
768:mTFuLHuTVMeOAOHGMETEOHEG2ZJBZMl3uivEqqXVro4GA:m06TrOAOHGXXHEG8cbtqlsfA
Behavioral task
behavioral1
Sample
a7a1f3e3bfc8abc1006276f3cb3bdaa1ff697b9fde421d6d2a181165db11377e.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
YXJ0LW5vdmVsdHkuYXQucGx5Lmdn:MjU1NjU=
8a45c8c850efba42d799d8b1b94ad051
-
reg_key
8a45c8c850efba42d799d8b1b94ad051
-
splitter
|'|'|
Targets
-
-
Target
a7a1f3e3bfc8abc1006276f3cb3bdaa1ff697b9fde421d6d2a181165db11377e.exe
-
Size
93KB
-
MD5
123acf74540b652a549c5d664b627663
-
SHA1
57a8230ac3fa6fe42a563c3355aa0512f4939098
-
SHA256
a7a1f3e3bfc8abc1006276f3cb3bdaa1ff697b9fde421d6d2a181165db11377e
-
SHA512
95a94265a64087fe37e22d47a8f11499a036f9f8d949d83f86ac1af02267c83765c5bdc1ab53cb4ee9ed7db41bda854b2ee9931611a82e911e0b5317a44d1c19
-
SSDEEP
768:rY30UBnkpjTMpALPGMtsas88EtNXhe9Y1mxCXxrjEtCdnl2pi1Rz4Rk3asGdpxgM:lURkVbPGHz88EbB1pjEwzGi1dDWDxgS
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-