General
-
Target
bd70f3abf0cb69a990396673cddb6e128c394ff84cc7992fd0689bd7d889ad9f
-
Size
472KB
-
Sample
220520-2dqj8afbd8
-
MD5
bdbfbb101b25104192bc5031631d7ac1
-
SHA1
91036fcca3acdb459d4ca073d4c67181700d9dc4
-
SHA256
bd70f3abf0cb69a990396673cddb6e128c394ff84cc7992fd0689bd7d889ad9f
-
SHA512
c9428f09bfa2f1d2fb98201db9894104533f3c18df83fa147d685254f45dcee5d7ad252a1abc31e85b7dcefe444fc9802a3bb6d28aa419cd23d92de9b8fa0b41
Static task
static1
Behavioral task
behavioral1
Sample
bd70f3abf0cb69a990396673cddb6e128c394ff84cc7992fd0689bd7d889ad9f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bd70f3abf0cb69a990396673cddb6e128c394ff84cc7992fd0689bd7d889ad9f.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
192.168.56.1:5522
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
Target
bd70f3abf0cb69a990396673cddb6e128c394ff84cc7992fd0689bd7d889ad9f
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-