General
-
Target
0x000f000000015c98-6.dat
-
Size
37KB
-
Sample
240301-ap2yvagh49
-
MD5
0412cda3646ee3de6ba970f25c12078c
-
SHA1
8253de37b97a87a4fb4fdaa2598482430406a885
-
SHA256
04e0fbb43e406c2b5e30d7ceb07bfcab2874d10cd7538de8b7dac1cf55a4aff5
-
SHA512
986e0e035bd19b3c86f7a2f4fc858e78680eb8a436ce510f9075d3b38645bf3a543f085305dc103a7c73b77c3dfa2ea92c33ecfaad034041dda8e10478d54490
-
SSDEEP
384:JY23hUidkGXR21cGMy8Pqq53tGFlymTXrAF+rMRTyN/0L+EcoinblneHQM3epzXO:y23ZLGv8Pqq58imzrM+rMRa8Nusht
Behavioral task
behavioral1
Sample
0x000f000000015c98-6.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.eu.ngrok.io:17426
e0192d0675795a229df23bf72b5e07ce
-
reg_key
e0192d0675795a229df23bf72b5e07ce
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-