General
-
Target
0b2a16e1bd03efa2d2cfce1b5934f9acaf95a9ca2eca8a14e14917e6007c117d
-
Size
43KB
-
Sample
220520-w9ke7afbdj
-
MD5
10bdf19e3eab9e4865f6c547d200983c
-
SHA1
f36a5d705d880393bad7d08d65c976e8608d52ab
-
SHA256
0b2a16e1bd03efa2d2cfce1b5934f9acaf95a9ca2eca8a14e14917e6007c117d
-
SHA512
480130ef268d5e36fa3a6550ca95e0205d1b9f760522e6a7fd4d7c9bf8be1ac6d0698ca0a1a13a0cc80961802270fae33875a33c822b3c493ecce89225a36c7d
Behavioral task
behavioral1
Sample
0b2a16e1bd03efa2d2cfce1b5934f9acaf95a9ca2eca8a14e14917e6007c117d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0b2a16e1bd03efa2d2cfce1b5934f9acaf95a9ca2eca8a14e14917e6007c117d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
kingoravrus.ddns.net:1177
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
0b2a16e1bd03efa2d2cfce1b5934f9acaf95a9ca2eca8a14e14917e6007c117d
-
Size
43KB
-
MD5
10bdf19e3eab9e4865f6c547d200983c
-
SHA1
f36a5d705d880393bad7d08d65c976e8608d52ab
-
SHA256
0b2a16e1bd03efa2d2cfce1b5934f9acaf95a9ca2eca8a14e14917e6007c117d
-
SHA512
480130ef268d5e36fa3a6550ca95e0205d1b9f760522e6a7fd4d7c9bf8be1ac6d0698ca0a1a13a0cc80961802270fae33875a33c822b3c493ecce89225a36c7d
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-