General
-
Target
1.exe
-
Size
55KB
-
Sample
241217-m895saxphv
-
MD5
ac8733a16862797fe27d86a080a46cce
-
SHA1
4884cd013329a1b434f2ec8906223ef96b89d00c
-
SHA256
585de753d93fcfd637af3d7c9814bd9dd42f733d3167a25f420bed3f075cf0f7
-
SHA512
a142f852fcb4cc7067738e71df8e286060888142cc2924f006c2a9e8d154998c6f171a94ba89355847641375307d0562087e486819defb679ecb2b0fe533671c
-
SSDEEP
768:ZVbHFOt1MankGn2NsW6ingB3wkkSNOmwFvfu0YMDHPsAL7XJSxI3pmwm:ZVZcDn4NsRinqtDDwsNMD3XExI3pmwm
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Victim
november-knife.gl.at.ply.gg:31521
11ebedf6aaa70ff2ab1151cb697977f2
-
reg_key
11ebedf6aaa70ff2ab1151cb697977f2
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
1.exe
-
Score
10/10
-
Njrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-