General
-
Target
4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
-
Size
25KB
-
Sample
220520-e6hzhsaba7
-
MD5
50ac82add3a8885d8d42a7779998adb2
-
SHA1
b8f7e9527ac4aaf550702a3a8491e3401c3b71e2
-
SHA256
4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
-
SHA512
d36a4165093495d456c9e21baab044d359f5dad0364c491f3242674313387e60cb901f1d03a9c329baf7e02485c8981535d13b910c8d504f17a0512ba2a357dc
Static task
static1
Behavioral task
behavioral1
Sample
4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
94.180.24.188:7777
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
Target
4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-