General
-
Target
78dc792c0a29bf15cdea3b97ff30b8c9741f14f4cac60ef302694addc919d268
-
Size
5KB
-
Sample
230608-pw1fxsgb2t
-
MD5
a3ec2027f8d685fb7d65e879f7a1fb3c
-
SHA1
de8b092a6c5344ecaa58f32f26470dc1f6816de6
-
SHA256
78dc792c0a29bf15cdea3b97ff30b8c9741f14f4cac60ef302694addc919d268
-
SHA512
0d1bfdf84b9ed23013d39ae2e7b98dcbc29eaf49e6efb6a7cf43087c4a5e714b0a2fad1013eacbd067a8347bfdd1df3908649b2eaa2b7ec57fddf1024959e4b2
-
SSDEEP
48:61aZr5mf/241GpgU2tHBLEO11SNMzf+Gc+aMa9iMs+t4q34V/q54tM0lXiH/IFCH:rcgB2fLL+GrcTu5VLlK7zNt
Static task
static1
Behavioral task
behavioral1
Sample
78dc792c0a29bf15cdea3b97ff30b8c9741f14f4cac60ef302694addc919d268.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
78dc792c0a29bf15cdea3b97ff30b8c9741f14f4cac60ef302694addc919d268.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Victim
mYs7erY-22338.portmap.host:22338
6286f06a10ca5fcb83180126dff9c67f
-
reg_key
6286f06a10ca5fcb83180126dff9c67f
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
78dc792c0a29bf15cdea3b97ff30b8c9741f14f4cac60ef302694addc919d268
-
Size
5KB
-
MD5
a3ec2027f8d685fb7d65e879f7a1fb3c
-
SHA1
de8b092a6c5344ecaa58f32f26470dc1f6816de6
-
SHA256
78dc792c0a29bf15cdea3b97ff30b8c9741f14f4cac60ef302694addc919d268
-
SHA512
0d1bfdf84b9ed23013d39ae2e7b98dcbc29eaf49e6efb6a7cf43087c4a5e714b0a2fad1013eacbd067a8347bfdd1df3908649b2eaa2b7ec57fddf1024959e4b2
-
SSDEEP
48:61aZr5mf/241GpgU2tHBLEO11SNMzf+Gc+aMa9iMs+t4q34V/q54tM0lXiH/IFCH:rcgB2fLL+GrcTu5VLlK7zNt
Score10/10-
Downloads MZ/PE file
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-