General
- Target: 85fe87ea771624f0298537eaa5125fabdd4030c905fef48dc378edf9d8563e8b
- Size: 16KB
- Sample: 240419-v4nd8aag44
- MD5: c7ce8674978121254fd1a65f7846f049
- SHA1: 76d61846aab492231678d13a6ece67708109a233
- SHA256: 85fe87ea771624f0298537eaa5125fabdd4030c905fef48dc378edf9d8563e8b
- SHA512: f960a6a416a8a4152c7cae3041284f4f3a8e2bfdadcc65f16e643406bdb1b3a59f195c32a530b12efc44fa96161bd8aaf3b5d8206873790e704a2521354ed1a8
- SSDEEP: 384:45wUDliipXrmZCUwVso2cpdG/f/Ei98a4qdkf95u6s:0liEXrZUwVJ2c/A39f+fa5
Behavioral task
- behavioral1
- Sample: 6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f.exe
- Resource: win7-20240221-en

Malware Config
Extracted
- Family: njrat
- Version: im523
- Botnet: MAX
- C2: 0.tcp.eu.ngrok.io:13241
- Mutex: 0557bafb14c73fcc927e4c1c97522cd6
- reg_key: 0557bafb14c73fcc927e4c1c97522cd6
- splitter: |'|'|
Targets
- Target: 6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f.exe
- Size: 37KB
- MD5: a78337c1b891d73341d4012dc77fbea1
- SHA1: e80f17b9e3650d9461234efe9cbca0cd96b0b0fb
- SHA256: 6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f
- SHA512: 7c21e0680442c2c170cd494e32709c367e47a955ac2e61dd1f223e31ef5d400cb11eb2d5420943cc343c05df0b1b654575d2e7364f1706e42c664af4f4d0df73
- SSDEEP: 384:q2aIiudjtD+P3V+y0b3+LCtf1QseiXFrAF+rMRTyN/0L+EcoinblneHQM3epzXKL:TFmV10b3+LCtCViVrM+rMRa8NuzWt
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2