General
-
Target
ll.exe
-
Size
27KB
-
Sample
230514-em7tjach6t
-
MD5
de5753b925342fff90f2dcf81c6d9cb0
-
SHA1
2bb8299a7849fde1ab469d5f15b99fcca0353ab2
-
SHA256
6411785178d40974b991439a952a8cd7e9b6a1eaaa9b1d6aca9e943cb60a042a
-
SHA512
aaaf3fd9eb379f7cbbc66eb726e281fc2ff7195b65586617e01b7377b7b7beae1cbf83e63b3c4238cfe94dd712beb617a9534529f0618311deabc1eb7555c8be
-
SSDEEP
384:yLplYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcah6gr6s:sfZxRm8VA/vMHTi9bD
Behavioral task
behavioral1
Sample
ll.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ll.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
v2.0
Victem
paul-positive.at.ply.gg:9693
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
ll.exe
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-