General
-
Target
2d6be84a8bfc3478a59c9e3416857a7170508fcdf586f9f639c216d4e569bb56
-
Size
43KB
-
Sample
220520-2qlf2afgf2
-
MD5
5a37e9f01baa6070732ae4989d49d986
-
SHA1
4d0db27bb1281d33a14ab5a87de3268c23107e7e
-
SHA256
2d6be84a8bfc3478a59c9e3416857a7170508fcdf586f9f639c216d4e569bb56
-
SHA512
82f13f4a521b0fb1d7cbe3b1f5ad830e994dc4f867f773309f2ca34c0b5f74484c1120b023c70fdf40d2ace96847eb61c9004dbfe5b9c9efaf3b420fb38875fc
Behavioral task
behavioral1
Sample
2d6be84a8bfc3478a59c9e3416857a7170508fcdf586f9f639c216d4e569bb56.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2d6be84a8bfc3478a59c9e3416857a7170508fcdf586f9f639c216d4e569bb56.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
127.0.0.1:5552
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
2d6be84a8bfc3478a59c9e3416857a7170508fcdf586f9f639c216d4e569bb56
-
Size
43KB
-
MD5
5a37e9f01baa6070732ae4989d49d986
-
SHA1
4d0db27bb1281d33a14ab5a87de3268c23107e7e
-
SHA256
2d6be84a8bfc3478a59c9e3416857a7170508fcdf586f9f639c216d4e569bb56
-
SHA512
82f13f4a521b0fb1d7cbe3b1f5ad830e994dc4f867f773309f2ca34c0b5f74484c1120b023c70fdf40d2ace96847eb61c9004dbfe5b9c9efaf3b420fb38875fc
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-