General
-
Target
1a3f1ea6b4b990b1c1743d13d1865a07.exe
-
Size
23KB
-
Sample
230331-xysg4acg23
-
MD5
1a3f1ea6b4b990b1c1743d13d1865a07
-
SHA1
7354d163d1c64ddb4c1ec6840951b063800ba326
-
SHA256
3e99cae52ebb2886befe137be1d5149c4b788e2e808719172b0fabd60b56503a
-
SHA512
5f8e6018a9d744f10d1b4553794a0eb59c11e95cb9ab2a3c6bea989680c49842fa64e46fef29d2741949169443ee3a0394200f1f7e263a2649c039554a9d5088
-
SSDEEP
384:SRMKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZ3A:SqW4V6+yDRpcnub
Behavioral task
behavioral1
Sample
1a3f1ea6b4b990b1c1743d13d1865a07.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
0.7d
CrossFire
audiodgx.hopto.org:5552
19cb0d51f6ccd969c2d64e6b68b1fc01
-
reg_key
19cb0d51f6ccd969c2d64e6b68b1fc01
-
splitter
|'|'|
Targets
-
-
Target
1a3f1ea6b4b990b1c1743d13d1865a07.exe
-
Size
23KB
-
MD5
1a3f1ea6b4b990b1c1743d13d1865a07
-
SHA1
7354d163d1c64ddb4c1ec6840951b063800ba326
-
SHA256
3e99cae52ebb2886befe137be1d5149c4b788e2e808719172b0fabd60b56503a
-
SHA512
5f8e6018a9d744f10d1b4553794a0eb59c11e95cb9ab2a3c6bea989680c49842fa64e46fef29d2741949169443ee3a0394200f1f7e263a2649c039554a9d5088
-
SSDEEP
384:SRMKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZ3A:SqW4V6+yDRpcnub
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-