General
-
Target
17e8b8ca2511a8273d049a478d075fc2
-
Size
349KB
-
Sample
231230-n75z4sfdh5
-
MD5
17e8b8ca2511a8273d049a478d075fc2
-
SHA1
3a473b8f7bbd4c878ffd9101482d164a6bbac60c
-
SHA256
c093b4cd2ad7f9eaf3dc918333d6df78753ff18f71b4ac722862a7d8cf44031a
-
SHA512
4094b0be82a62ac2d7ae08aeae432ba1a89ca9c40f7c5bfec19bbde529a8a0fdef56f19be63263936cab2dd429dbdd70df754d9ba35b45253597b99d15329429
-
SSDEEP
6144:jXXXXXXXXXXXXXXXXXfqJuiHivvWxzfHWojlNBXNU+Y07sxKCYsRCgPtZXzgAtxs:
Static task
static1
Behavioral task
behavioral1
Sample
17e8b8ca2511a8273d049a478d075fc2.exe
Resource
win7-20231215-en
Malware Config
Extracted
njrat
0.7d
Hack
runtime.kro.kr:6522
15ac00e92ea47b4f7ac4e4714b9affcb
-
reg_key
15ac00e92ea47b4f7ac4e4714b9affcb
-
splitter
|'|'|
Targets
-
-
Target
17e8b8ca2511a8273d049a478d075fc2
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-