General
-
Target
2ad44d3a4d6024a04140a501e5df7351.exe
-
Size
37KB
-
Sample
231206-ygys8ahb9s
-
MD5
2ad44d3a4d6024a04140a501e5df7351
-
SHA1
94a1e237ee077b22704225016d9b7c54dc482516
-
SHA256
de544fa6de7f86b58ff6e82a682ff8bbcc8dcdaeee61421e720f09a3471f1a72
-
SHA512
777b458b8ec76e13c51ad59384309eda09c2fbb82c846bd36a51ff4cbfcf8cc08a995f2e97891d21ae570c7fb10402edb18ff40d2b40396e24a25e15e603c3b0
-
SSDEEP
384:zDu/T8PgibBjpPu7w9qyMTO1P5IsW+LJbrAF+rMRTyN/0L+EcoinblneHQM3epzH:iQNN9ZMTO1GV+prM+rMRa8NubPt
Behavioral task
behavioral1
Sample
2ad44d3a4d6024a04140a501e5df7351.exe
Resource
win7-20231025-en
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.eu.ngrok.io:11952
af413bb56f73479a5bd1a3e13a279069
-
reg_key
af413bb56f73479a5bd1a3e13a279069
-
splitter
|'|'|
Targets
-
-
Target
2ad44d3a4d6024a04140a501e5df7351.exe
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-