General
-
Target
04ebda8dad22a5e9cfafc51dcccba313a2b8d11743da52bb114c1bfc165a0c01
-
Size
43KB
-
Sample
220520-fbgzeadbhn
-
MD5
2c7e2f0618c5e97da339818408f8f280
-
SHA1
5e6ea81e291b81bd7281e7c7a27812ab101af1e2
-
SHA256
04ebda8dad22a5e9cfafc51dcccba313a2b8d11743da52bb114c1bfc165a0c01
-
SHA512
50dedbf570f9b9933623eac8b2e762e082cb60c22a3c629fdada9daa5367cd825b4aaf74d8f1afa0ee6f7c4cfba71ac15204c2b1636de5cc7a36a85025cfcc5a
Behavioral task
behavioral1
Sample
04ebda8dad22a5e9cfafc51dcccba313a2b8d11743da52bb114c1bfc165a0c01.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
04ebda8dad22a5e9cfafc51dcccba313a2b8d11743da52bb114c1bfc165a0c01.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
hack
213.159.212.162:8472
DriverStartup
-
reg_key
DriverStartup
-
splitter
|Hassan|
Targets
-
-
Target
04ebda8dad22a5e9cfafc51dcccba313a2b8d11743da52bb114c1bfc165a0c01
-
Size
43KB
-
MD5
2c7e2f0618c5e97da339818408f8f280
-
SHA1
5e6ea81e291b81bd7281e7c7a27812ab101af1e2
-
SHA256
04ebda8dad22a5e9cfafc51dcccba313a2b8d11743da52bb114c1bfc165a0c01
-
SHA512
50dedbf570f9b9933623eac8b2e762e082cb60c22a3c629fdada9daa5367cd825b4aaf74d8f1afa0ee6f7c4cfba71ac15204c2b1636de5cc7a36a85025cfcc5a
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-