General
-
Target
bf718c38ce3220b1df02f0772365ecccfb5c3d7eb0a87e56674bbcdd0d066227
-
Size
518KB
-
Sample
220508-je9qdabcb9
-
MD5
b3196f0ab1e0eeab4218b1626b796d10
-
SHA1
81fc429e08a7e6b4b06010a89305facf0acaef48
-
SHA256
bf718c38ce3220b1df02f0772365ecccfb5c3d7eb0a87e56674bbcdd0d066227
-
SHA512
f59a4b29bd22c03976fc5543780abf5c46339dec4969a8e2214babe062e944aa29568f2943283b70682965afe53d9547d7a2c71cfd56b9f5f994915ac554903b
Static task
static1
Behavioral task
behavioral1
Sample
bf718c38ce3220b1df02f0772365ecccfb5c3d7eb0a87e56674bbcdd0d066227.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bf718c38ce3220b1df02f0772365ecccfb5c3d7eb0a87e56674bbcdd0d066227.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
system
bozuksaatiniz.duckdns.org:1604
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
bf718c38ce3220b1df02f0772365ecccfb5c3d7eb0a87e56674bbcdd0d066227
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-