General
-
Target
sniif.Scr
-
Size
816KB
-
Sample
240127-tsrrtshdcl
-
MD5
307e9f20e28312dc72fcef348272b97d
-
SHA1
64c755cc253d2bd8db2aeb9968070a3150625a45
-
SHA256
94bc5f862a6a4b71ba591c3ab18bb08ea68907cd28667659e107d9c8c8e41b28
-
SHA512
cbef748a6e406e2203f7d05d1eef140a84541520c21d816cf8b75171a79de60655e19be3c4c199f05e4c9c520e878f0e4e33adfe91cb8dbd99e1655b2406ba12
-
SSDEEP
3072:I1QYi9bcppwFZaa38xU7LPs30r6/R6aEmay8VU7LPs30r6/R6aEPU6LgXH:Lj9bcza38xoCay8Vo7Up
Behavioral task
behavioral1
Sample
sniif.scr
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
sniif.scr
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
v2.0
HacKed By RqEb ;)
17.ip.gl.ply.gg:46398
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
sniif.Scr
-
Size
816KB
-
MD5
307e9f20e28312dc72fcef348272b97d
-
SHA1
64c755cc253d2bd8db2aeb9968070a3150625a45
-
SHA256
94bc5f862a6a4b71ba591c3ab18bb08ea68907cd28667659e107d9c8c8e41b28
-
SHA512
cbef748a6e406e2203f7d05d1eef140a84541520c21d816cf8b75171a79de60655e19be3c4c199f05e4c9c520e878f0e4e33adfe91cb8dbd99e1655b2406ba12
-
SSDEEP
3072:I1QYi9bcppwFZaa38xU7LPs30r6/R6aEmay8VU7LPs30r6/R6aEPU6LgXH:Lj9bcza38xoCay8Vo7Up
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-