General
-
Target
66df4d837d9b6b60b845ef343b763bfb.exe
-
Size
25KB
-
Sample
220831-hfrqhsacgl
-
MD5
66df4d837d9b6b60b845ef343b763bfb
-
SHA1
f27a811445b649ff9a91da52152caf847ad38470
-
SHA256
ae1d5fd5d55bedc76554a13d0eee68ae8bb3e9af0cbf4fd3d1ae25e21bc1c1d3
-
SHA512
1f3258e69151f5fb0680ee02cc554d179092f00278dd54ab0dd75a987494ba75652d3c7f95925e5b25b95f0b4392663046d203b7fc58a2e54871a56899f2ff84
-
SSDEEP
768:svpUfE0bKP7eYkkrbiPs9Mvnv474hIScRj19dU2QW:QG9GP7eA2P5h0F19dU2QW
Static task
static1
Behavioral task
behavioral1
Sample
66df4d837d9b6b60b845ef343b763bfb.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
66df4d837d9b6b60b845ef343b763bfb.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
6.tcp.eu.ngrok.io:12072
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
Target
66df4d837d9b6b60b845ef343b763bfb.exe
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-