General
-
Target
a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b
-
Size
69KB
-
Sample
240226-1qt8hagh85
-
MD5
dd9fa20e95d785d15ea9f9ab178876d5
-
SHA1
4a926671cf12f506676d6cb13817e9a3fe2759f2
-
SHA256
a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b
-
SHA512
ec4734e0bc8a98701ce7f47999865d2acb2871f7df0d083c51c451b4c952b5b63e0da494df73656a5e549e973bd500a22c5d225bd8d9a1f6f6295702d1a52770
-
SSDEEP
1536:cWD1ciNrSVTR1cQHUeq/6YThUoUyPspdA4GSuw1:vD+JR1cQ0eqCYThU5yPedv
Static task
static1
Behavioral task
behavioral1
Sample
a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
@ HaCkInG By Dr WeSt @
w187.ddns.net:2020
4ef9538b5a577a1bd3c1a578ea50c133
-
reg_key
4ef9538b5a577a1bd3c1a578ea50c133
-
splitter
|'|'|
Targets
-
-
Target
a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-