General
-
Target
db7e41ad958ee52cb6257330e55b25f8e9314d89719c78b524e8b76025d2252e
-
Size
43KB
-
Sample
220520-evgbjshdh5
-
MD5
71152f3b9a20b6bdf15451f7fefceeb5
-
SHA1
f1bfb4bbf23866b97cee0fb39895f365377003e9
-
SHA256
db7e41ad958ee52cb6257330e55b25f8e9314d89719c78b524e8b76025d2252e
-
SHA512
1efcb54168dd7abeefd5fd74147d86d8131ccb75c70b4c24673af88df4781577d31278ea8148ad061fc1177e5f9f71bdbc31e5528b7b5067ced19467bce36fb7
Behavioral task
behavioral1
Sample
db7e41ad958ee52cb6257330e55b25f8e9314d89719c78b524e8b76025d2252e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
db7e41ad958ee52cb6257330e55b25f8e9314d89719c78b524e8b76025d2252e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
???
127.0.0.1:6626
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
db7e41ad958ee52cb6257330e55b25f8e9314d89719c78b524e8b76025d2252e
-
Size
43KB
-
MD5
71152f3b9a20b6bdf15451f7fefceeb5
-
SHA1
f1bfb4bbf23866b97cee0fb39895f365377003e9
-
SHA256
db7e41ad958ee52cb6257330e55b25f8e9314d89719c78b524e8b76025d2252e
-
SHA512
1efcb54168dd7abeefd5fd74147d86d8131ccb75c70b4c24673af88df4781577d31278ea8148ad061fc1177e5f9f71bdbc31e5528b7b5067ced19467bce36fb7
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-