General
-
Target
-.exe
-
Size
132KB
-
Sample
230628-hgqjvahe6y
-
MD5
4f7b1a6855a843967e822d8cb179f87f
-
SHA1
7a37a02e373181b12ddd87770eba5b11224b7de4
-
SHA256
30d4b3fc02e8bfc676c5aee3ec5bfdb69c40f83ef6bb64af62396ae566bb6bd7
-
SHA512
c868f4e23f5e168e573ed20186c2f1ad07b64f158458e40b5ef478e0cc669bda5884351f063c519c51f60e39adac1c3b553fffafcc413d5f944e16d5de688a72
-
SSDEEP
3072:kX68wORs3S7rN+v6ZuxUNiMPjD7f4GBakBRIE9T:kX3Rs38oSIxIH7gGrBd9
Static task
static1
Malware Config
Extracted
xworm
opportunities-rendered.craft.ply.gg:39858
-
install_file
audiodg.exe
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
BackUp
style-camps.craft.ply.gg:37572
Text attrib corrector
-
reg_key
Text attrib corrector
-
splitter
|Hassan|
Targets
-
-
Target
-.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-