General
Target: 53bf5d8758b0afa2f66bc9be6ef3b373a34b42ab8ca043078887d09d9a4d2054
Size: 25KB
Sample: 220725-fa8ezafcan
MD5: 1dd84cc8cf8ed0d5cd891c6508dbb215
SHA1: 5ce2442b5395b644b28f96739abc85cee0219038
SHA256: 53bf5d8758b0afa2f66bc9be6ef3b373a34b42ab8ca043078887d09d9a4d2054
SHA512: 182f4082c4832c717722f37f1941dd5983ebb443c695064a7dd0c20e775ce6ae511f490170ab919fa1b8a2d85e664d907cfccd74f0d0fddf103c50659a1176b2
Static task: static1
Behavioral task: behavioral1
Sample: 53bf5d8758b0afa2f66bc9be6ef3b373a34b42ab8ca043078887d09d9a4d2054.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 53bf5d8758b0afa2f66bc9be6ef3b373a34b42ab8ca043078887d09d9a4d2054.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
papaiiia132.hopto.org:24890
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: 53bf5d8758b0afa2f66bc9be6ef3b373a34b42ab8ca043078887d09d9a4d2054
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.