General
-
Target
6aeeabaa314635486db2aa5b292f8046cb9fd352405989e45ef94acb53e81f1f
-
Size
43KB
-
Sample
220520-11cq7seec3
-
MD5
bc64b8cf2bd62cdb36f1773aeeb35c83
-
SHA1
4882d4f8d0232db5f09281e1aaed8455c1e9cfee
-
SHA256
6aeeabaa314635486db2aa5b292f8046cb9fd352405989e45ef94acb53e81f1f
-
SHA512
e3ae0e07885832ef517c90c49fd6b59a8976bb14a6e9bb8cb6e1533c2d06d6d4cb3e96cc3caf2db484d7a2681a2e3a139790d73b5d5f20aa177316017723adbf
Behavioral task
behavioral1
Sample
6aeeabaa314635486db2aa5b292f8046cb9fd352405989e45ef94acb53e81f1f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6aeeabaa314635486db2aa5b292f8046cb9fd352405989e45ef94acb53e81f1f.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
0.tcp.ngrok.io:12829
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
6aeeabaa314635486db2aa5b292f8046cb9fd352405989e45ef94acb53e81f1f
-
Size
43KB
-
MD5
bc64b8cf2bd62cdb36f1773aeeb35c83
-
SHA1
4882d4f8d0232db5f09281e1aaed8455c1e9cfee
-
SHA256
6aeeabaa314635486db2aa5b292f8046cb9fd352405989e45ef94acb53e81f1f
-
SHA512
e3ae0e07885832ef517c90c49fd6b59a8976bb14a6e9bb8cb6e1533c2d06d6d4cb3e96cc3caf2db484d7a2681a2e3a139790d73b5d5f20aa177316017723adbf
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-