General
-
Target
c2121cc7b8b8d8f29a57d91ee3095850
-
Size
1.3MB
-
Sample
240312-bgswmsdf35
-
MD5
c2121cc7b8b8d8f29a57d91ee3095850
-
SHA1
fcae608229774cf9de89b78d29dafada24eecc79
-
SHA256
918604f4773a9a1573024ce0f344f69184bb97a35a75da37f9f47d4fc7d4e252
-
SHA512
df24477af5c74420bf8eab725b00498f717756e814e298b51aeed247b662f3ecc595c8c8eadaa72a320444a88088698af8b0c0f46c36ced9c1a8c87d995a3d27
-
SSDEEP
24576:MpcLKQu3LLjfOk0TBXjAtOuF/nrfxlNRY8moRd:9jswWtOuF/rfdRRd
Static task
static1
Behavioral task
behavioral1
Sample
c2121cc7b8b8d8f29a57d91ee3095850.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
testing35123.duckdns.org:1604
830de61871284cdea
-
reg_key
830de61871284cdea
-
splitter
@!#&^%$
Targets
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-