General
Target: 373875.exe
Size: 2.5MB
Sample: 230701-x67xraaf4x
MD5: 86b82eb9809c5d95c1eec8b83d770973
SHA1: 7a95bfb4ea9b3680c0b7eaf661e2991834c95f9a
SHA256: e22450346ab41e5235c7913740afbd70243c9d16805caca160bd6fc8e56cafb6
SHA512: 49c770f7cc537852c50539a605db0ce33c5f12854d5ca821bc5302391d7200b77b5c88261e481ee9bab9cdca01014c86aeeea4b14cce8365be368520acd9a4df
SSDEEP: 49152:XZX8rrazq8RyOdT4xC61GyNv5rn0KtX2X8SPSecH:XZHzq+8xn1dhptXNSqXH
Behavioral task: behavioral1
Sample: 373875.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: 373875.exe
Resource: win10v2004-20230621-en
Malware Config
Extracted
njrat
im523
Youtube
house-induced.at.ply.gg:42235
aa334bb4a5ba8e94fe328c2fa3c29511
reg_key: aa334bb4a5ba8e94fe328c2fa3c29511
splitter: |'|'|
Targets
Target: 373875.exe
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application