General
-
Target
6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
-
Size
25KB
-
Sample
220520-e2417ahhe3
-
MD5
5484a6514223d5198cdb314d878c313e
-
SHA1
a4e744d86cc1d60457c9e364eac5d5a1fdd94cd0
-
SHA256
6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
-
SHA512
e2611f4eba2bc9c2ad83337564a520609cf3fdbb0e4a71e62d069ca7d8658b63b40843005f04cc86909bd23442c5896267720276126b3aa5cc359faf5254f511
Static task
static1
Behavioral task
behavioral1
Sample
6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
127.0.0.1:27015
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
-
Size
25KB
-
MD5
5484a6514223d5198cdb314d878c313e
-
SHA1
a4e744d86cc1d60457c9e364eac5d5a1fdd94cd0
-
SHA256
6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
-
SHA512
e2611f4eba2bc9c2ad83337564a520609cf3fdbb0e4a71e62d069ca7d8658b63b40843005f04cc86909bd23442c5896267720276126b3aa5cc359faf5254f511
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-