General
Target: windows10.exe
Size: 27KB
Sample: 230516-eajwyabd22
MD5: 68dabbb65a6969294c7d930d64388156
SHA1: 994e0c755a74c1b72437e3fd4f099083a3d43c55
SHA256: fba63c7a8f43b64b63d3a452a87c429f2d85bb0df6e7f29d556a24f497b1080e
SHA512: 5ce1ea47434505dec7572592c95d6997880ce8156cb1bfd427ab51ccf94876749708150767f05b247870d4f60335b3c6d7c911e77c4b8edbc09cb40d18954e46
SSDEEP: 384:VLllYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcah6Vr6s:1LZxRm8VA/vMHTi9bD
Behavioral task: behavioral1
Sample: windows10.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: windows10.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
njrat
v2.0
Victem
paul-positive.at.ply.gg:9693
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: windows10.exe
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application