General
Target: fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12
Size: 26KB
Sample: 240701-fjt9pszfmj
MD5: c5345d4fc7f76d831ad72593042320e7
SHA1: 5fd9bc9840cdfcafa164b1bd784aea63b3c34a68
SHA256: fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12
SHA512: ded97b3bac82fd3f3db6c08b72fb3bc4097c5ea3bef3dc0d145b8b852d84cda8d5331e4d7e75f260a347dd2c75f7470afb4aa0d4af51f54d86ed624af6359be4
SSDEEP: 384:YLwlYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcaQ6br6s:mAZxRm8VA/vMHTi9bD
Behavioral task: behavioral1
Sample: fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
njrat
v2.0
OPS studio
127.0.0.1:1177
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12
Score: 10/10
Detects executables using attrib with suspicious attributes attributes
Detects file containing reversed ASEP Autorun registry keys
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application