General
Target: 01a15ebeb25b4396bf1f943a9ff2f240.bin
Size: 94KB
Sample: 230706-bcr4jshh2x
MD5: 2b2884098218c9d5d18d1f038c3dca06
SHA1: 844543ce8c3cce0df502eaec2a176e6269b12997
SHA256: 8d94f9eec9ee616e264c8eb3593e76428828220a16eee0c24d49c103814a3988
SHA512: 757b5cb4ec3bee3165ef1a4ebcf2c9b1167f533a0a2225fe97525a443ec21e1810e07e1ec7c0a8d4af79da9b96b201ce6b8c8250960ed327daffd6901f7ef395
SSDEEP: 1536:nYAWncvHUulITNVWX2zNrT/qdaT94IHdPxmqyZ15mGN8cWF75HIf9nhD1451XoMj:a2xWTNMmzp/HvHdpm/jmGmF7GDqKdC7
Static task: static1
Behavioral task: behavioral1
Sample: 60e7f5996d69fb22c55c4b6e25cb881ab49a46f3714a42d35dc6f3a66f853498.exe
Resource: win7-20230703-en
Malware Config
Extracted
njrat
0.7d
HACKER
hakim32.ddns.net:2000
numbers-characterization.at.ply.gg:45038
ba79c07aec28b61ac839eeb4fafa3141
reg_key: ba79c07aec28b61ac839eeb4fafa3141
splitter: |'|'|
Targets
Target: 60e7f5996d69fb22c55c4b6e25cb881ab49a46f3714a42d35dc6f3a66f853498.exe
Size: 99KB
MD5: 01a15ebeb25b4396bf1f943a9ff2f240
SHA1: 45464e9c127300244902f3628b3b11e34c0e8530
SHA256: 60e7f5996d69fb22c55c4b6e25cb881ab49a46f3714a42d35dc6f3a66f853498
SHA512: 18645b8a88275d4ea01c0878900c0e3a4983495a30f818fa1641e4f74c6ac3547d07d3268ba9540847b18671cbcb06f0a73a9544988710a0b67e982863b13578
SSDEEP: 1536:8WxWs7X4DWTjujzDwuKT3CePS7PoZK2K3r2gGHAfT+qFHuVp6ryQy38a:pveWTjuj/KT3COS7PoM6ghvOV8r28a
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE