General
-
Target
691a39afe11e7f9d49332ca30a272708.exe
-
Size
2.0MB
-
Sample
221203-lbt7maab78
-
MD5
691a39afe11e7f9d49332ca30a272708
-
SHA1
c315bc96feae17e521e40b2f921ff8c7de29368d
-
SHA256
00693c43c36b65ecaae75389c0b822e574f8101b9cd28255e85c39c08b2f58ad
-
SHA512
fd02a05ca804ad380d6b51a7073eebd9bcaeb6f7eca13e9a19b49335ee992536ca7e5be78909f392960f085959dfa8134b25598d2e1f98ad06695baf879ff05d
-
SSDEEP
384:TZyMeHkYz/wpa9GP4Uy277YiKMMQglhOrl9D9O5UE5QzwBlpJNakkjh/TzF7pWnl:dekKR4gh2/YtwgAwvQO+2R+L
Behavioral task
behavioral1
Sample
691a39afe11e7f9d49332ca30a272708.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
Windows Sevice
7.tcp.eu.ngrok.io:18458
Windows Service
-
reg_key
Windows Service
-
splitter
|Hassan|
Targets
-
-
Target
691a39afe11e7f9d49332ca30a272708.exe
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-