General
-
Target
Feather Nowy Patch.exe
-
Size
93KB
-
Sample
240621-m51ryaxbjg
-
MD5
be218e2ceb4d25801279721a0e40f6ad
-
SHA1
45e45898d92be64ce31352693068e583f6305e91
-
SHA256
5e205cca2f9ad3518674667668af7abbc83e040458d85543bea93c992c8e3a00
-
SHA512
e1c788c80be433c645eb91751c4e8b32ed84552cf6cf9ab0e9e8d1147979e274438a700fba80972d8599b1c8143935240ec95e76bc4a6778107a85e3a8d2e53c
-
SSDEEP
1536:HuD6xreTKsKgrO9w/5NjEwzGi1dDiD6gS:Hu9KsKgrOeh6i1dU/
Behavioral task
behavioral1
Sample
Feather Nowy Patch.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
Debil
hakim32.ddns.net:2000
lake-french.gl.at.ply.gg:33694
5d215efb685d488d29cc52d66504493b
-
reg_key
5d215efb685d488d29cc52d66504493b
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-