General
-
Target
Server 2.exe
-
Size
93KB
-
Sample
240622-zxqm8aycrl
-
MD5
ec6bedfc8918668daf892b946d8d8998
-
SHA1
ee4ef91775da5314e87bda7bd6bdeb6a8479ce0c
-
SHA256
c661d366b4023b33cbd80de638f69f3784150b1158ea7241bf01ea1f3cdaaf81
-
SHA512
c1c5829fa03f7b3e4021fec8d051623412e1d7807beb3c144e0e1f148561310289dbb1365ed1e6c031328005e1ae26b15603f90600417ffea14d73a04d384607
-
SSDEEP
768:8Y3zeZFKghFchQVTqWnwz/1h3XE/blczxXSsvXxrjEtCdnl2pi1Rz4Rk3msGdph3:ne/K6bTq8itNE2VhjEwzGi1dDiDhgS
Behavioral task
behavioral1
Sample
Server 2.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
njrat
0.7d
Debil
hakim32.ddns.net:2000
127.0.0.1:446
cc405cae27ac73abb849a970df5f673a
-
reg_key
cc405cae27ac73abb849a970df5f673a
-
splitter
|'|'|
Targets
-
-
Target
Server 2.exe
-
Size
93KB
-
MD5
ec6bedfc8918668daf892b946d8d8998
-
SHA1
ee4ef91775da5314e87bda7bd6bdeb6a8479ce0c
-
SHA256
c661d366b4023b33cbd80de638f69f3784150b1158ea7241bf01ea1f3cdaaf81
-
SHA512
c1c5829fa03f7b3e4021fec8d051623412e1d7807beb3c144e0e1f148561310289dbb1365ed1e6c031328005e1ae26b15603f90600417ffea14d73a04d384607
-
SSDEEP
768:8Y3zeZFKghFchQVTqWnwz/1h3XE/blczxXSsvXxrjEtCdnl2pi1Rz4Rk3msGdph3:ne/K6bTq8itNE2VhjEwzGi1dDiDhgS
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-