General
Target: ed2483ea2768ee40839a832f2e2771ea56c476a3622687e7b476aabb59f65d20
Size: 229KB
Sample: 220328-2a8avscahn
MD5: 7d276dfb51b873aa1fa8d512a961b8e7
SHA1: 0070198c1e94602fdc435a5933990861e9d7836c
SHA256: ed2483ea2768ee40839a832f2e2771ea56c476a3622687e7b476aabb59f65d20
SHA512: 11f360bbe72a90c9364fb4f9d8d8659bb82d18745077cb85b08b158bbdabc05735f0b38a4710c42759d2bca23cbbebd0e77159228f8754ac7553ef1ccc05327e
Static task: static1
Behavioral task: behavioral1
Sample: ed2483ea2768ee40839a832f2e2771ea56c476a3622687e7b476aabb59f65d20.exe
Resource: win7-20220311-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
system
urbanhuman123.duckdns.org:3131
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: ed2483ea2768ee40839a832f2e2771ea56c476a3622687e7b476aabb59f65d20
Score: 10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application