General
Target: 682061b30d5c929bd31e5d23a1a736ead65f124d16732f4e3de2ea973daf0f66
Size: 16KB
Sample: 240419-v8nksaah77
MD5: c7bcc707254a6b8ba96251df125d90df
SHA1: a5fb15679cf07b7f7a0d1f4355e256183548d7fe
SHA256: 682061b30d5c929bd31e5d23a1a736ead65f124d16732f4e3de2ea973daf0f66
SHA512: d49e43998fad1fc15c35cab164a5b877230285aec3e930e729945c42bff545c75d953ce560ef3fdd17f47cb614af4d5c847b4cf9d77e09d8642088503f340e83
SSDEEP: 384:jTjUP8Cab0Mbvd4RLMdHLHGXj/4g7Eb64rFHf3tm67QC+p47s:HHJbvWV8rH454b6kpdmW7yt
Behavioral task: behavioral1
Sample: 6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f.exe
Resource: win7-20240221-en
Malware Config
Extracted
njrat
im523
MAX
0.tcp.eu.ngrok.io:13241
0557bafb14c73fcc927e4c1c97522cd6
reg_key: 0557bafb14c73fcc927e4c1c97522cd6
splitter: |'|'|
Targets
Target: 6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f.exe
Size: 37KB
MD5: a78337c1b891d73341d4012dc77fbea1
SHA1: e80f17b9e3650d9461234efe9cbca0cd96b0b0fb
SHA256: 6339af085c42edefc5bff55a84c66e8945a567eb193cc29b497aeb0233d53e0f
SHA512: 7c21e0680442c2c170cd494e32709c367e47a955ac2e61dd1f223e31ef5d400cb11eb2d5420943cc343c05df0b1b654575d2e7364f1706e42c664af4f4d0df73
SSDEEP: 384:q2aIiudjtD+P3V+y0b3+LCtf1QseiXFrAF+rMRTyN/0L+EcoinblneHQM3epzXKL:TFmV10b3+LCtCViVrM+rMRa8NuzWt
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2