General
-
Target
4db3c5387dfe7cf4a7f804d7b2466fc6c607284ee39c994a44c5657d92fd178a
-
Size
3.2MB
-
Sample
221130-xx45haba4t
-
MD5
42c28341cf1b9cae96a4bdf3313d8211
-
SHA1
99181a15179bde4cf856182497fa3562885601bd
-
SHA256
4db3c5387dfe7cf4a7f804d7b2466fc6c607284ee39c994a44c5657d92fd178a
-
SHA512
cddb70d3bceff0fa23c658c78f5efd65bc5be267ebb4cd596cc0f4ecd26c8dc202b08673e1d240986a42e6d1af5cc90cc8568dd79092c62f5860c11713435881
-
SSDEEP
98304:Mviz/27qWGq/TzuqCDl2Ptao7jkH5JoNa:Mviq75/TzufvkNa
Static task
static1
Behavioral task
behavioral1
Sample
4db3c5387dfe7cf4a7f804d7b2466fc6c607284ee39c994a44c5657d92fd178a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4db3c5387dfe7cf4a7f804d7b2466fc6c607284ee39c994a44c5657d92fd178a.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
???????_??????
0.tcp.ngrok.io:17570
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
4db3c5387dfe7cf4a7f804d7b2466fc6c607284ee39c994a44c5657d92fd178a
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-