General
-
Target
77995f9bc0c2cee84b02ebcca1e74714574b0decf6aa80c788fb5d553c8c0efb
-
Size
539KB
-
Sample
220309-wel1jaebdr
-
MD5
c6f6dbd9cc541857159b379ed0b52e9a
-
SHA1
9fb25d597eae11b3867e8dd532d536872197782e
-
SHA256
77995f9bc0c2cee84b02ebcca1e74714574b0decf6aa80c788fb5d553c8c0efb
-
SHA512
10fa08450a72c59dbb9c18d5ffd8eb156b75e6b67f487fa02765bab7a05e781f028d068f08c823d2a2fd3fd5ce6e06dc48be9f4f3005996ac6ee636be6ed9e52
Static task
static1
Behavioral task
behavioral1
Sample
77995f9bc0c2cee84b02ebcca1e74714574b0decf6aa80c788fb5d553c8c0efb.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
77995f9bc0c2cee84b02ebcca1e74714574b0decf6aa80c788fb5d553c8c0efb.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
topher
denemedarkdarkxxa.duckdns.org:1604
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
Target
77995f9bc0c2cee84b02ebcca1e74714574b0decf6aa80c788fb5d553c8c0efb
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-