General
Target
3bb145b5108de842674b84ed2a006e8cbff59323b70a928da2ded92288bf05ed
Size
1MB
Sample
220520-ptxl9abgb3
MD5
bed8273f6aa0838212bfd15422318320
SHA1
ba3abe75066d40dd95ebe7b6a601fe005b4d2dfd
SHA256
3bb145b5108de842674b84ed2a006e8cbff59323b70a928da2ded92288bf05ed
SHA512
6aa2021b5c559c856e53925f710646db430ca35f1bbe81f334e8275a3f9e9dded58bfb3c5839f9c7d453a2a8e69cdee67b43d3e4c9727c0a813f7ac2b14d2039
Static task
static1
Behavioral task
behavioral1
Sample
3bb145b5108de842674b84ed2a006e8cbff59323b70a928da2ded92288bf05ed.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3bb145b5108de842674b84ed2a006e8cbff59323b70a928da2ded92288bf05ed.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
31.10.120.162:5555
Windows Update
reg_key
Windows Update
splitter
|Hassan|
Targets
Target
3bb145b5108de842674b84ed2a006e8cbff59323b70a928da2ded92288bf05ed
Score
10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application