General
Target: 3BBE777C826B35B3182146F0DD4EB7AC.exe
Size: 531KB
Sample: 231208-vfahfschc4
MD5: 3bbe777c826b35b3182146f0dd4eb7ac
SHA1: 7c5271d9af919542bc5cc94352ed3539acc58385
SHA256: 203c63f49bf313d9bbffe20a7fe9e43d7eb6e5b9028e84aa7bf6a0cf298e3173
SHA512: 64059c322a102693209e6f0cc3e172f32bba068dc6be091ccc6bb277e48d594aa5d9a02622d3c2acb2f8e12f6c9985550dcbb785b15b69467bbcbed505464b82
SSDEEP: 12288:aI4sr6oFWG14VNSkbKGIKXJ6QAZ/lZhskU:0srVbKQe6QitZc
Static task
static1
Behavioral task
behavioral1
Sample
3BBE777C826B35B3182146F0DD4EB7AC.exe
Resource
win7-20231023-en
Malware Config
Extracted
njrat
v4.0
HacKed
91.92.240.141:5577
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: 3BBE777C826B35B3182146F0DD4EB7AC.exe
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-