General
-
Target
nikita_о (1).exe
-
Size
91KB
-
Sample
240204-qn5aksdabq
-
MD5
09b4a05f909c61a665a2cef28e5446b9
-
SHA1
8229819d49316ce151ce5a1297deae62e6ef8502
-
SHA256
dbe98e518832e5c6611af2df7be37d7ba31a0e64bfdf2e2f0874fe8fe70181b0
-
SHA512
776d2518db965bc53211283516b001a1a273647c6517a12fcc4e37ca74654b1a09ae19b70879918e33e875461f54630a39c8fde0476546f7075b6ce38cfa5537
-
SSDEEP
1536:IH0RK+ufM3vdIXq7wnais4k6O7IFVR18pNv:20SM3vdIAWj5kIFVRqN
Behavioral task
behavioral1
Sample
nikita_о (1).exe
Resource
win7-20231215-en
Malware Config
Extracted
njrat
hakim32.ddns.net:2000
Targets
-
-
Target
nikita_о (1).exe
-
Size
91KB
-
MD5
09b4a05f909c61a665a2cef28e5446b9
-
SHA1
8229819d49316ce151ce5a1297deae62e6ef8502
-
SHA256
dbe98e518832e5c6611af2df7be37d7ba31a0e64bfdf2e2f0874fe8fe70181b0
-
SHA512
776d2518db965bc53211283516b001a1a273647c6517a12fcc4e37ca74654b1a09ae19b70879918e33e875461f54630a39c8fde0476546f7075b6ce38cfa5537
-
SSDEEP
1536:IH0RK+ufM3vdIXq7wnais4k6O7IFVR18pNv:20SM3vdIAWj5kIFVRqN
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-