General
Target: tmp
Size: 93KB
Sample: 240302-dvmb5ahd9v
MD5: 701061274a68a71561cf2ec0a1332635
SHA1: f83da28647230602bb88461341a052bef651cbd5
SHA256: 10e012b7d6d88eba23bc9ba0ae4ee9cb299a1f688fb8ccac9c1f03319e0a7575
SHA512: ed5fc6fe6b82fefeb943c1cb20fdac7e01d43784a3cbd4fe88f7ea5cebe014609585ee354b3382ed822969f8ba453b9fa8b197acd2f110a664e6ff65e1412d7f
SSDEEP: 1536:MI4JD/HBZbszKu9AZpE7r1jEwzGi1dDoDjgS:MI3zK4AZCHCi1d+c
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20240221-en
Malware Config
Extracted
njrat
0.7d
Hacked
hakim32.ddns.net:2000
45.142.182.104:4568
8176ddd3532710782091cb4edeb4cd62
reg_key: 8176ddd3532710782091cb4edeb4cd62
splitter: |'|'|
Targets
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory