General
-
Target
ba4ea0f61e140f06caa9d668023037dadbd557f6dca732c6e495accc569ee2d6
-
Size
43KB
-
Sample
220520-z4f3csgfbk
-
MD5
9e7274b8e1d27f8d746fe430830a6e1c
-
SHA1
1489bc7245c6cca6d14f508a53bcc4139316446a
-
SHA256
ba4ea0f61e140f06caa9d668023037dadbd557f6dca732c6e495accc569ee2d6
-
SHA512
c1208bebd3d6f101a881bfca5b1da0caafe1a3969789e1fa66c278cba1ba0efb0a46e02f113ed6f7f67947224ee4ceee9f91ad5d921fa0462776b003d426cd4b
Behavioral task
behavioral1
Sample
ba4ea0f61e140f06caa9d668023037dadbd557f6dca732c6e495accc569ee2d6.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ba4ea0f61e140f06caa9d668023037dadbd557f6dca732c6e495accc569ee2d6.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
rostislav404.ddns.net:9291
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
Target
ba4ea0f61e140f06caa9d668023037dadbd557f6dca732c6e495accc569ee2d6
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-