General
-
Target
15963fa2085ea360f528506bd5f515d2f61bb0c456e6ca91ea814de62039ceff
-
Size
31.4MB
-
Sample
240303-bsl78sba4x
-
MD5
eaffb1a1f6fc1fc1c01cc73c3fdf0cb2
-
SHA1
6bc085e9b71cd8a79688f28547df8c1cde97ef2c
-
SHA256
15963fa2085ea360f528506bd5f515d2f61bb0c456e6ca91ea814de62039ceff
-
SHA512
69ca049498c75b683312faabcbfceb9c68af4a248c43284039e5b75e97141aba9929882ff5ef28c64dff801aef3c13297284f584853b756ba8a09bd1b18d2e2c
-
SSDEEP
393216:j51YNP9rbT01YNP9rbTetel5qPnLFXlckK9QM8nAB3Q0GF9g9Jh6vEo56OmNm:j5grsgrWIlwPLFXTK9Q1kAZubTB8
Behavioral task
behavioral1
Sample
15963fa2085ea360f528506bd5f515d2f61bb0c456e6ca91ea814de62039ceff.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
15963fa2085ea360f528506bd5f515d2f61bb0c456e6ca91ea814de62039ceff.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7.3
Lime
219.254.199.13:6522
Client.exe
-
reg_key
Client.exe
-
splitter
KartRider
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-