General
-
Target
lll.exe
-
Size
32KB
-
Sample
230727-j1m4hacb52
-
MD5
532da7c83e4683a2ab594becffc15580
-
SHA1
57d8c7ff3b7bf7bbcf472c5bf5d15a4df1e3b62b
-
SHA256
a01e6a1ce4604181d82e13296191abdb305c97423b9fcbd7ee4ef767f2136ad6
-
SHA512
ad094d12f9e32f099696e325efd26066f513c15c3e7b9c9f7f1c9f38fda49cb93f0ff8a2cbf915be9ff73bdec874c1dd59b0f0791b87c9487fb3828ba336d509
-
SSDEEP
768:b4US21HxSgzxbSLw0cWLjrBv1XQmIDUu0tiLkjI:kWDerRFQVkVjI
Malware Config
Extracted
njrat
0.7d
MyBot
score-told.craft.ply.gg:54077
c54d9760bfa8660be8f7c061194ec438
-
reg_key
c54d9760bfa8660be8f7c061194ec438
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
lll.exe
-
Size
32KB
-
MD5
532da7c83e4683a2ab594becffc15580
-
SHA1
57d8c7ff3b7bf7bbcf472c5bf5d15a4df1e3b62b
-
SHA256
a01e6a1ce4604181d82e13296191abdb305c97423b9fcbd7ee4ef767f2136ad6
-
SHA512
ad094d12f9e32f099696e325efd26066f513c15c3e7b9c9f7f1c9f38fda49cb93f0ff8a2cbf915be9ff73bdec874c1dd59b0f0791b87c9487fb3828ba336d509
-
SSDEEP
768:b4US21HxSgzxbSLw0cWLjrBv1XQmIDUu0tiLkjI:kWDerRFQVkVjI
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-