General
-
Target
productinfo.exe
-
Size
675KB
-
Sample
230605-jvdmwafh9x
-
MD5
7e41b02d2dc1786d5c008c127d38041f
-
SHA1
e425aa7a2907c44446f3c9f5213b10ab4774579a
-
SHA256
111c25bd4cd2f4771e7fec9e564c623218e06eb1b9d839cf58a9f117b4979ac0
-
SHA512
940fa350da661bc6d14a4fcd47f1a266e03a98e67124c39daa1233703ef0fe322139b3c35493b66b734f77f453da9bfaff205a669eea5a71df83989084cf61a8
-
SSDEEP
12288:zrgDZYg3dHlWxMzIHREJVk/bq4izoW/m7R8IJJz5FJuGjNKdnzP8NWQ:zMWSdHlWxMiQW/O4ue7RjDjIAN
Static task
static1
Behavioral task
behavioral1
Sample
productinfo.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
v4.0
HacKed
194.55.224.37:7777
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
productinfo.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-