General
Target
Payloa2d.exe
Size
54KB
Sample
230406-299b7she8w
MD5
51a7e796b79686344f742fb0404b28b2
SHA1
ae0f70b54337c769ea4cb4f5f9c91fe8a7f5b71a
SHA256
44e7505daa18d0e8a8948ff4d77a0f1200a90e7ab9fd519bc86ffc7dfca4592f
SHA512
db20b7d007900a3831f4e3d6d39f7ea37c63e20345a13992c4651f9d4c380ccc7820bd7752dbfec4a117acc1be2cd7330436bddddd03f45a767e1155a74601f2
SSDEEP
1536:YklhtMDnPNXkBGmtp6xDNwsNMDNXExI3pmzm:rZMDnR6P6xDNwsNMDNXExI3pm
Behavioral task
behavioral1
Sample
Payloa2d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Payloa2d.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Pfas
46.147.175.250:777
912a1f951d033ffc677042d1ef13224f
reg_key
912a1f951d033ffc677042d1ef13224f
splitter
Y262SUCZ4UJJ
Targets
Target
Payloa2d.exe
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application