General
-
Target
a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2
-
Size
61KB
-
Sample
240226-1tf52sha86
-
MD5
944c114e02b1d7fdc46e0b495cfc01c3
-
SHA1
0b810447828a36ce22d905c0a5ca8ce6f38700ba
-
SHA256
a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2
-
SHA512
c5c30fdd8d2dbda2cfa1a10d56d7a7485cd0d565e49542fa6f9dd9c05ce2606feaef4855656ceab4e8f3bb60dd13f4fc564e6566ec23dcec8d8aca8d6b2d071c
-
SSDEEP
1536:6weoCsTr2cg+H32CP4Gr+D12uYew4spdA4GSuw1:l2R+RED1IKedv
Static task
static1
Behavioral task
behavioral1
Sample
a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
@ HaCkInG By Dr WeSt @
w187.ddns.net:2020
4ef9538b5a577a1bd3c1a578ea50c133
-
reg_key
4ef9538b5a577a1bd3c1a578ea50c133
-
splitter
|'|'|
Targets
-
-
Target
a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2
-
Size
61KB
-
MD5
944c114e02b1d7fdc46e0b495cfc01c3
-
SHA1
0b810447828a36ce22d905c0a5ca8ce6f38700ba
-
SHA256
a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2
-
SHA512
c5c30fdd8d2dbda2cfa1a10d56d7a7485cd0d565e49542fa6f9dd9c05ce2606feaef4855656ceab4e8f3bb60dd13f4fc564e6566ec23dcec8d8aca8d6b2d071c
-
SSDEEP
1536:6weoCsTr2cg+H32CP4Gr+D12uYew4spdA4GSuw1:l2R+RED1IKedv
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-