General
-
Target
download_2.exe
-
Size
32KB
-
Sample
240614-w2z6ns1hqg
-
MD5
0246e26daf22440fde0953edf3f90ad6
-
SHA1
9f3fe6fd7cd19f746ddd2beebc69dfd00a8e23ef
-
SHA256
9085f329dbcbfae01a773a555db3dae06c197b2a7f6f733b82331a26ad4d46dd
-
SHA512
d133e215bf2bfbf9b89f036581db8a98d3e08622be667787d9e19d3bf890bea4319d21fa7794c2c339d3c41ff323b9c4fb6fbd67c834df961e83017e987aeddf
-
SSDEEP
384:20bUe5XB4e0XmO/GiaXLilpknDZWTltTUFQqz9pOObbB:XT9Bu19aXWl1EtbB
Behavioral task
behavioral1
Sample
download_2.exe
Resource
win10v2004-20240611-es
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
carlitosmoreno1794.duckdns.org:2019
bde06c84e1de4b23b
-
reg_key
bde06c84e1de4b23b
-
splitter
@!#&^%$
Extracted
http://pastebin.com/raw/V9y5Q5vv
Extracted
http://pastebin.com/raw/V9y5Q5vv
Targets
-
-
Target
download_2.exe
-
Size
32KB
-
MD5
0246e26daf22440fde0953edf3f90ad6
-
SHA1
9f3fe6fd7cd19f746ddd2beebc69dfd00a8e23ef
-
SHA256
9085f329dbcbfae01a773a555db3dae06c197b2a7f6f733b82331a26ad4d46dd
-
SHA512
d133e215bf2bfbf9b89f036581db8a98d3e08622be667787d9e19d3bf890bea4319d21fa7794c2c339d3c41ff323b9c4fb6fbd67c834df961e83017e987aeddf
-
SSDEEP
384:20bUe5XB4e0XmO/GiaXLilpknDZWTltTUFQqz9pOObbB:XT9Bu19aXWl1EtbB
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-