General
-
Target
5604f7e7a7ec0b2a91c80bac6e4ce7e3.exe
-
Size
25KB
-
Sample
220910-bqnnaahdc9
-
MD5
5604f7e7a7ec0b2a91c80bac6e4ce7e3
-
SHA1
de20822d458b1fdd421260e5e42ce4888b6315c1
-
SHA256
59e02dea77ea89b913bb8552b5c34009f7b84a04a4c61524c42ee3edccf06e3c
-
SHA512
830b1764256bdfd255c7fcfa90bd278a7790e295416ed972bcb71014ed688b8cc5466e5dc223c32984d40a5dee755b2f305d0c726ce80514e8e73e919e441e8e
-
SSDEEP
384:sv3ZIgUhKIQ27JJGYtSfcGUxIpRGOmBeqEiVcp0F9h2HbmdPvo8I6CQAbqLKkVLl:svpkhJ7tCgcRG1kpwgwvj1CNqXV6U6m
Static task
static1
Behavioral task
behavioral1
Sample
5604f7e7a7ec0b2a91c80bac6e4ce7e3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5604f7e7a7ec0b2a91c80bac6e4ce7e3.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
7.tcp.eu.ngrok.io:13225
WindowsEnginee
-
reg_key
WindowsEnginee
-
splitter
|Hassan|
Targets
-
Target
5604f7e7a7ec0b2a91c80bac6e4ce7e3.exe
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-