General
-
Target
7b8fa46b72e383ad837d382bbfedcfcb
-
Size
14.1MB
-
Sample
240127-3far8aeec9
-
MD5
7b8fa46b72e383ad837d382bbfedcfcb
-
SHA1
8d42f0b9199ba8c336f26fda6b4d2c398ad8a013
-
SHA256
6ee9c9d3a1c250a9d271a9a0ce113427bd4f5bd591cd5f1946ec5f064c35beec
-
SHA512
61ff31920ec2774780d9a381dcbe5b97268803eea3cf45ac51f24b29cec1df545b8a4f930b2055cfd92c4b7b41f1984bfc2dc0945e3062f57356243c1bc6b10c
-
SSDEEP
196608:yA6TS+uUdI5FqYWQi6D05vvG1KeQW9EfvIeo0PAzLBYZU7cca0hSif:y/e9U6rvb50xg0iYdsCZOcca0w2
Behavioral task
behavioral1
Sample
7b8fa46b72e383ad837d382bbfedcfcb.exe
Resource
win7-20231129-en
Malware Config
Extracted
njrat
0.7d
566
hakim32.ddns.net:2000
192.168.0.23:1604
68234368da23b4c12442a5f1ebf604c9
-
reg_key
68234368da23b4c12442a5f1ebf604c9
-
splitter
|'|'|
Targets
-
-
Target
7b8fa46b72e383ad837d382bbfedcfcb
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-