General
-
Target
Loader.exe
-
Size
27KB
-
Sample
230404-trfceaad4v
-
MD5
d71f1e29b9ed6166277cc0977cd9196c
-
SHA1
00f51f5a639930290ac6abe9cbd382101bad73fc
-
SHA256
0bd144d491d483c06337995107aaab02a66bb315dc298fe6b04ae9be6d58a97c
-
SHA512
0662780ccb7273639867b1c150f72f4773b47395bdb5741a3b8b6fa71f9c1a079697e5c2729ab43d6b0c2443cc354960cce44abf7f945f50b7287b3286ae663f
-
SSDEEP
384:iLZxgLXeA03/lfHWtfequqP9BR3MIAQk93vmhm7UMKmIEecKdbXTzm9bVhcaD631:8Tku/sOIA/vMHTi9bD
Behavioral task
behavioral1
Sample
Loader.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Loader.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
v4.0
HaCkED
display-trade.at.ply.gg:25685
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
Loader.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-