General
Target: 59cda195f8f6d24dd2acb15673b06d4d738a3a179d59d4aec35bead962f953ea
Size: 43KB
Sample: 220520-e5bttaaae5
MD5: 4803b4a5928f6b198aefb86a9707b244
SHA1: 0385ad6a5deab384f819dbcbf34f4a30d998ebec
SHA256: 59cda195f8f6d24dd2acb15673b06d4d738a3a179d59d4aec35bead962f953ea
SHA512: cb64510b3aba8e818d8b34626ecaf0e6476d86fc088d05afe3fefc8829294c87e1be0ba48d76038416477f4eb4c6d322714452c5e68d26b7cba338189aa2a7b7
Behavioral task: behavioral1
Sample: 59cda195f8f6d24dd2acb15673b06d4d738a3a179d59d4aec35bead962f953ea.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 59cda195f8f6d24dd2acb15673b06d4d738a3a179d59d4aec35bead962f953ea.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
146.120.244.6:5552
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: 59cda195f8f6d24dd2acb15673b06d4d738a3a179d59d4aec35bead962f953ea
Score: 10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application