General
- Target: ac374efc62c6d14364c314e119e576ba
- Size: 1KB
- Sample: 240228-swgwcseg85
- MD5: ac374efc62c6d14364c314e119e576ba
- SHA1: 578d0cfc3271dc0831a03a98776c5eb62c4dcb84
- SHA256: 2ebc6f6879d6b4b2bdacdc34d4472b5f5c2a46c0b4d4907bab6b56af56ea0cb3
- SHA512: 95e4af6eb641be115df0bf5c6f333d6039956f0f1407b05408e5877d5a5e342a5440429d17e808048c3c1b27c382a942d8de8d0c5a2230bb1abf769ca57a497a

Static task: static1
Behavioral task: behavioral1
- Sample: ac374efc62c6d14364c314e119e576ba.lnk
- Resource: win7-20240221-en

Malware Config
- Extracted: https://ia601406.us.archive.org/21/items/invoice-011/Invoice%23011.txt
- Extracted: https://ia601509.us.archive.org/18/items/bypass_20210729_1426/bypass.txt
- Extracted: njrat
  v4.0
  HacKed
  gerousd8.duckdns.org:7827
  Windows
- reg_key: Windows
- splitter: |-F-|
Targets
- Target: ac374efc62c6d14364c314e119e576ba
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext