General
Target: cceba27592ed89ac5aee405a987a8ab20eeaf221d40f5251148b51e8ed47ec0c
Size: 11KB
Sample: 240419-v12gnsbd6z
MD5: 0e638d78dcb4b9cefb9a9d7e2f2b1046
SHA1: 45200b33897aaaf0ed9413e37b93fb1b9807a467
SHA256: cceba27592ed89ac5aee405a987a8ab20eeaf221d40f5251148b51e8ed47ec0c
SHA512: ade2dc41d55fb204ee74f90531f9bb79d6461b5ecb5f12e2c2b5e16c5a0ff3bda9188dfe54ae41f0203646b8a5aa9ef1849f1645a199d0fd475d8cdabed7447a
SSDEEP: 192:T5vG463iCVvHJpHHNjAw5Ro+TdG3oPEbQEegtmnP3i1HiY9YkoiJZK9XFzTOmfA:T5L23xpHtd3bdCu8mUF6knJZK9XFXfA
Behavioral task: behavioral1
Sample: 23910908180a95387a88c69fc0c39f677591cbb39e236c69270c16cde6b0e1f9.exe
Resource: win7-20240221-en
Malware Config
Extracted
njrat
0.7d
max
lafiro8872-20597.portmap.host:20597
90784841b8a7d5d70cbd91c29f323ae6
reg_key: 90784841b8a7d5d70cbd91c29f323ae6
splitter: |'|'|
Targets
Target: 23910908180a95387a88c69fc0c39f677591cbb39e236c69270c16cde6b0e1f9.exe
Size: 23KB
MD5: 185798f33dbbe25c3fc48b808ce8460c
SHA1: 80034d0bf3444eb14d2a3a1c45e393580c94213c
SHA256: 23910908180a95387a88c69fc0c39f677591cbb39e236c69270c16cde6b0e1f9
SHA512: 3351f5122fdb9442c73c175449975ffcc3b286e79331c0e4cdf35d814700745d5dba593842222f093ef5e1a129a5b2eca8c0594d4d1a9036519f9a3ed54ab619
SSDEEP: 384:yc6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZ+a:lIU0tw3Rpcnue
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL