General
Target: d7ecfa692e7011546aa1c215a9607c5721a67a1fb25f8cdc51879fd477701187
Size: 34KB
Sample: 240419-v155vsbd7w
MD5: 3b5750e590bd92f9f0667c119b2a53a3
SHA1: c90cd3b79b0ffa91a4242aed7a6c978b390b7729
SHA256: d7ecfa692e7011546aa1c215a9607c5721a67a1fb25f8cdc51879fd477701187
SHA512: 8508ecb8c6287b01ca8ea3c8f9a18fa98214188959b7330b97c89462f2b1439b6a70bc998cb9fda7048c0f05552b0e15999ba24a176523592e65a43dc74a5484
SSDEEP: 768:59/I/Oa/0egUW4tpTMH4V40oIybrpfE7hyy77qsKLPq+Q6+:3IRtgUW4tp4H4V71ylE7V77qsCPq+QZ
Behavioral task
behavioral1
Sample: 07978fa2227aea6cde2cee414f1ae42054ccb9fedf60848c451fb2e5a8052e67.exe
Resource: win7-20240220-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
178.63.148.180:5552
502f9ccc8d7ba2dfb19936de34f9632e
reg_key: 502f9ccc8d7ba2dfb19936de34f9632e
splitter: |'|'|
Targets
Target: 07978fa2227aea6cde2cee414f1ae42054ccb9fedf60848c451fb2e5a8052e67.exe
Size: 93KB
MD5: e13d50a386b5e8f3ae3d11e3d1033e21
SHA1: 959b3e5462da725d7da1c046a241bdd9214e0036
SHA256: 07978fa2227aea6cde2cee414f1ae42054ccb9fedf60848c451fb2e5a8052e67
SHA512: 6ac3c052cb930c7a6692e14c8ac696b3d65664ebe05e0b7325abef159285271639c257b06c2c2f7eb25adfb415721639231ee383ab47c90a94cc4796a82d179a
SSDEEP: 768:IY33WJhWXxyFcxovUKUJuROprXtgN8eYhYbmXxrjEtCdnl2pi1Rz4Rk31sGdpSgM:nW3WhIUKcuOJXPhBjEwzGi1dDlDSgS
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL