General
-
Target
Feather Patch Nowy.exe
-
Size
93KB
-
Sample
240621-lm46zavcre
-
MD5
d0029523bd6817f23d13054759e8ce33
-
SHA1
c62d8e3a75623581e8f8f1a1c7af715e05190b44
-
SHA256
2f88bb74f026433ef2b729aef73d10264fa8d4f8470e6aba7c7d9e6fd69014c1
-
SHA512
beb960aa43b39733e15ccc4e29af59e32cced5909c01d32b40f489b4a36a90a8660a4029a849239008426292bef12fc12e01427e46b9983a7fe00ceb2dcd7c30
-
SSDEEP
1536:suD6xreTKsKgrO93/5NjEwzGi1dDL6DggS:su9KsKgrOph6i1dgJ
Behavioral task
behavioral1
Sample
Feather Patch Nowy.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
Feather Patch Nowy.exe
Resource
win11-20240611-en
Malware Config
Extracted
njrat
0.7d
DEVIL
hakim32.ddns.net:2000
lake-french.gl.at.ply.gg:33694
91a5e7dc7357b4e2494ea04a686e134a
-
reg_key
91a5e7dc7357b4e2494ea04a686e134a
-
splitter
|'|'|
Targets
-
-
Target
Feather Patch Nowy.exe
-
Score
8/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-