General
-
Target
4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
-
Size
43KB
-
Sample
220520-e679eachfq
-
MD5
574d035ff06b55e29bc08ae59b51bb68
-
SHA1
16d2c71a0d0fc3fc0d69f4804e5e8f8e781afe08
-
SHA256
4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
-
SHA512
4aed1b99bc0da26f11de8cbc3735b80d8b9af2e39e8bc03177ab0990508e6957d73d47506fcd8a344fb25d4b125040451f4950109589ec09f07e26cbdf73dbaa
Behavioral task
behavioral1
Sample
4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
82.202.167.202:3838
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
-
Size
43KB
-
MD5
574d035ff06b55e29bc08ae59b51bb68
-
SHA1
16d2c71a0d0fc3fc0d69f4804e5e8f8e781afe08
-
SHA256
4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
-
SHA512
4aed1b99bc0da26f11de8cbc3735b80d8b9af2e39e8bc03177ab0990508e6957d73d47506fcd8a344fb25d4b125040451f4950109589ec09f07e26cbdf73dbaa
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-