General
-
Target
Feather nowy Patch!.exe
-
Size
93KB
-
Sample
240621-mnhj2awekb
-
MD5
80d166210cd7fad5702d812548afb620
-
SHA1
f7f27ecba8b819eb0cbbf8f52cc61bd34445a46d
-
SHA256
8361a51be1cb3118af3c0055078e6406ebbb39df670ae0d652e94481721b6e0f
-
SHA512
5e22c1915b6065e2f3427de34b821f996320d9fd6a05cb1609697a21bb0fa6fc78f474b0f60a660b9823126ac2e01d333e2aa38d6190ae8ec7d1f24141a5b25d
-
SSDEEP
1536:FGKPWSwWbaDNul2O1qjEwzGi1dDiDegS:FGbPWbaDNu8eTi1dED
Behavioral task
behavioral1
Sample
Feather nowy Patch!.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
njrat
0.7d
Debil
hakim32.ddns.net:2000
wandering-pond-92780.pktriot.net :8191
59d5f4f897b66ddcc23b4efd7795be0f
-
reg_key
59d5f4f897b66ddcc23b4efd7795be0f
-
splitter
|'|'|
Targets
-
-
Target
Feather nowy Patch!.exe
-
Score
8/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-