General
-
Target
758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
-
Size
43KB
-
Sample
220520-e21nrshhd6
-
MD5
284ca9864936da3ed48b7a397bad95f5
-
SHA1
6755816744f12e65e599dae6d8bfbf695a2edb92
-
SHA256
758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
-
SHA512
c72efc254ccda856bec0689818988685b8c7f11462563abaea87a00f962e9fdf38508aad546a3d7df74f716f9253f40517ad35e3fca09a26221ed55138291fde
Behavioral task
behavioral1
Sample
758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
0.tcp.ngrok.io:18260
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
-
Size
43KB
-
MD5
284ca9864936da3ed48b7a397bad95f5
-
SHA1
6755816744f12e65e599dae6d8bfbf695a2edb92
-
SHA256
758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
-
SHA512
c72efc254ccda856bec0689818988685b8c7f11462563abaea87a00f962e9fdf38508aad546a3d7df74f716f9253f40517ad35e3fca09a26221ed55138291fde
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-