General
-
Target
NEAS.85f5baa526d15f4a1cfd53b24c5d65e0.exe
-
Size
488KB
-
Sample
231116-2e9pgsag98
-
MD5
85f5baa526d15f4a1cfd53b24c5d65e0
-
SHA1
c4b941910bfc024806d5bbe0bfef4d2358feeff6
-
SHA256
b78e09a414b8cdd11d49f2790184346d0c0011d5a303d18b7d033d8b4fb092c8
-
SHA512
b906468baa7562ca2986c9bdbd755f3539ac0422feac719c2e49bed3cf1ae330a026d896ca1a9e4e28f567a614bad8584e9e70da9c521517ff3bb98255f8e522
-
SSDEEP
12288:VcXUN973paI/F9jpUpBzTAJNUdglNURD1xo9xxb3qkqcE6fKQq:WEN973phvt8tmUdkw1xo9xtacE09q
Behavioral task
behavioral1
Sample
NEAS.85f5baa526d15f4a1cfd53b24c5d65e0.exe
Resource
win7-20231023-en
Malware Config
Extracted
njrat
0.7.3
Limebot3
microsoftdnsbug.duckdns.org:6699
Client.exe
-
reg_key
Client.exe
-
splitter
luffy
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-