General
-
Target
01d7dcfc0d43e1a63160c2a2b.exe
-
Size
30KB
-
Sample
230710-plyvcaab84
-
MD5
01d7dcfc0d43e1a63160c2a2be09ac3b
-
SHA1
b153f050ed9297fe236e5112ce3b4a334b18b135
-
SHA256
ac458cf6d935c1fe276458fa4ed577c356a81662fc0978ed9708abd863b519c7
-
SHA512
cc49ba199dd2c9dce7746f46f5f9bae0bf0793b955b851d5d38afcc40708e94a18000776254207f1b6c5d1d98b1154dfd345becf037417b7351dec25b9d5dd59
-
SSDEEP
768:rSHMXrwpJbb2zxxO5Seqf3isfvUuQmIDUu0tirXj:rlkK9is7QVkaj
Behavioral task
behavioral1
Sample
01d7dcfc0d43e1a63160c2a2b.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
01d7dcfc0d43e1a63160c2a2b.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
njrat
0.7d
Bot
77.241.20.215:55915
89a73e3948b3f7c938f6b700b2914080
-
reg_key
89a73e3948b3f7c938f6b700b2914080
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
01d7dcfc0d43e1a63160c2a2b.exe
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-