General
-
Target
968C669247FA766C85B612DB143F89228E4EE94329CF6.exe
-
Size
43KB
-
Sample
220910-nxaffsdgdk
-
MD5
dee17a4707e3c4a27b66cba03ae27f09
-
SHA1
e6e592ddb3ea17084191d69ea14576a3f6a8a7e8
-
SHA256
968c669247fa766c85b612db143f89228e4ee94329cf6fe62a6b78bac1b4b5c8
-
SHA512
ec41e9c5d07ec702f87b7c06eceab46caba7b667b4b43ae2a9ad41f9d8f79630c7e87ad8e06b8f0925261532cdbb1f5f21a3c3bcc5a3cc744892916108a0cbf9
-
SSDEEP
384:/8ZyVhkyCEFmVoybRxMbAW4EpEzMghwzEIij+ZsNO3PlpJKkkjh/TzF7pWno/grq:/6AhkyVAVlbT6vCQgQuXQ/o1/+L
Behavioral task
behavioral1
Sample
968C669247FA766C85B612DB143F89228E4EE94329CF6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
968C669247FA766C85B612DB143F89228E4EE94329CF6.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
0.tcp.eu.ngrok.io:14880
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
968C669247FA766C85B612DB143F89228E4EE94329CF6.exe
-
Size
43KB
-
MD5
dee17a4707e3c4a27b66cba03ae27f09
-
SHA1
e6e592ddb3ea17084191d69ea14576a3f6a8a7e8
-
SHA256
968c669247fa766c85b612db143f89228e4ee94329cf6fe62a6b78bac1b4b5c8
-
SHA512
ec41e9c5d07ec702f87b7c06eceab46caba7b667b4b43ae2a9ad41f9d8f79630c7e87ad8e06b8f0925261532cdbb1f5f21a3c3bcc5a3cc744892916108a0cbf9
-
SSDEEP
384:/8ZyVhkyCEFmVoybRxMbAW4EpEzMghwzEIij+ZsNO3PlpJKkkjh/TzF7pWno/grq:/6AhkyVAVlbT6vCQgQuXQ/o1/+L
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-