General
-
Target
NEAS.03fd7fb73101276f20479439334d5180.exe
-
Size
488KB
-
Sample
231104-n2hydshc4x
-
MD5
03fd7fb73101276f20479439334d5180
-
SHA1
5743d124c5900813864f7c5754eded205038ee5e
-
SHA256
dbf13efbb28dfa92ccfe3d906bad2723f3e67d2d911174139c2e0e66953e8314
-
SHA512
b89e571aeb951da5f19969be524ea27730020212408438dd3da822ef77ac61fbcb6ce93d4340c4c88899df9553318457913ef1b684700064f1248036992df02f
-
SSDEEP
12288:VcXUN973paI/F9jpUpBzTAJNUdglNURD1xo9xxb3qkqcE6fKQo:WEN973phvt8tmUdkw1xo9xtacE09o
Behavioral task
behavioral1
Sample
NEAS.03fd7fb73101276f20479439334d5180.exe
Resource
win7-20231025-en
Malware Config
Extracted
njrat
0.7.3
Limebot3
microsoftdnsbug.duckdns.org:6699
Client.exe
-
reg_key
Client.exe
-
splitter
luffy
Targets
-
-
Target
NEAS.03fd7fb73101276f20479439334d5180.exe
-
Size
488KB
-
MD5
03fd7fb73101276f20479439334d5180
-
SHA1
5743d124c5900813864f7c5754eded205038ee5e
-
SHA256
dbf13efbb28dfa92ccfe3d906bad2723f3e67d2d911174139c2e0e66953e8314
-
SHA512
b89e571aeb951da5f19969be524ea27730020212408438dd3da822ef77ac61fbcb6ce93d4340c4c88899df9553318457913ef1b684700064f1248036992df02f
-
SSDEEP
12288:VcXUN973paI/F9jpUpBzTAJNUdglNURD1xo9xxb3qkqcE6fKQo:WEN973phvt8tmUdkw1xo9xtacE09o
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-