General
-
Target
0c7e71cb15f3a654bd603ecc875126b5.exe
-
Size
25KB
-
Sample
230206-3mbcbsgd62
-
MD5
0c7e71cb15f3a654bd603ecc875126b5
-
SHA1
86b9b8214a1f25c1c059201b89b0e058ccc24046
-
SHA256
697e668ff68ad6ec46a37f3be151cceee3df535f78af08fc290f4553d5b562fb
-
SHA512
35608317ba260a1483002dbb7271db5b10ca02b07f6f9dde2453bfd449397516ad32fb86d340e37ed140b53e6fdd0d57d113e2d9bf7dc4abf7265235628499e9
-
SSDEEP
768:svp3Gwda1gHhRsSiBCyiEs81sByH6oCgmj:Q3Gwda1gBVOCyiYyBy3E
Static task
static1
Behavioral task
behavioral1
Sample
0c7e71cb15f3a654bd603ecc875126b5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0c7e71cb15f3a654bd603ecc875126b5.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
4.tcp.eu.ngrok.io:12433
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-