General
Target: 211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7
Size: 612KB
Sample: 220330-ekltaabhdr
MD5: f414c142f690168170dc839b538fae62
SHA1: f1695b6b8b52c13148d2bca87269b9d11479f2c5
SHA256: 211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7
SHA512: e7eb28451c72366c9d05421902ecccbc296c7173f2481b5c2a654fe967ffb6661ff23246cbe67698f788e9646a3880b3d29c1c7ed39ee7dc456c202f2e454e7c
Static task: static1
Behavioral task: behavioral1
Sample: 211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7.exe
Resource: win7-20220331-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
1
127.0.0.1:6666
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL