General
-
Target
a5ed1cf92e3ca2b2ee478c0c9ed84034
-
Size
61KB
-
Sample
231219-1c4vsaafh4
-
MD5
a5ed1cf92e3ca2b2ee478c0c9ed84034
-
SHA1
1f2d1c8564315b55d9370d6bb6cb1a94f3d72ad8
-
SHA256
a6306c0171a440bae44f3da76da3e69d528983221a0962b354b5b82b23bfa911
-
SHA512
1431dcb5b13e3e47c7d85aba93985f9b05a1614c4f298184fcd3b7723ece9bab0ed05896636acfc0a16df68a391d134e29f0f1319403e3fc131f1960f28f6c1b
-
SSDEEP
1536:6weoCsTr2cg+H32CP4Gr+D12uYew4spdA4GSuw19y:l2R+RED1IKedvs
Static task
static1
Behavioral task
behavioral1
Sample
a5ed1cf92e3ca2b2ee478c0c9ed84034.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a5ed1cf92e3ca2b2ee478c0c9ed84034.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
0.7d
@ HaCkInG By Dr WeSt @
w187.ddns.net:2020
4ef9538b5a577a1bd3c1a578ea50c133
-
reg_key
4ef9538b5a577a1bd3c1a578ea50c133
-
splitter
|'|'|
Targets
-
-
Target
a5ed1cf92e3ca2b2ee478c0c9ed84034
-
Size
61KB
-
MD5
a5ed1cf92e3ca2b2ee478c0c9ed84034
-
SHA1
1f2d1c8564315b55d9370d6bb6cb1a94f3d72ad8
-
SHA256
a6306c0171a440bae44f3da76da3e69d528983221a0962b354b5b82b23bfa911
-
SHA512
1431dcb5b13e3e47c7d85aba93985f9b05a1614c4f298184fcd3b7723ece9bab0ed05896636acfc0a16df68a391d134e29f0f1319403e3fc131f1960f28f6c1b
-
SSDEEP
1536:6weoCsTr2cg+H32CP4Gr+D12uYew4spdA4GSuw19y:l2R+RED1IKedvs
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-