General
-
Target
Server.exe
-
Size
37KB
-
Sample
230701-tgbapsha72
-
MD5
1255704ca414ea9c05ce83d01ee612e3
-
SHA1
ca1790e00ca9cdb43b5ad9ce47696c160b841295
-
SHA256
196809ae788f4bcdabed4b3ed4bd15a96094a17c2bd7835c6e897c70d4118f99
-
SHA512
cf60159193c3a6744a5a4322a46437aedc21b072782d85bb11c1bccfdf888ae904761c9a1e0b0025eff6aa9d9aa1daaeb9eeb74609bac4447dff72576657501f
-
SSDEEP
384:yufbAKiwBqaJzN5BLiFI4yUvEX3/Ts4ODgFBrAF+rMRTyN/0L+EcoinblneHQM35:rfBfP5TUvEnglgXrM+rMRa8Nu/+t
Behavioral task
behavioral1
Sample
Server.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
njrat
im523
Youtube
house-induced.at.ply.gg:42235
aa334bb4a5ba8e94fe328c2fa3c29511
-
reg_key
aa334bb4a5ba8e94fe328c2fa3c29511
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-