General
-
Target
bacc4221cd4d6009fbabd8a7194bb07c.exe
-
Size
43KB
-
Sample
230519-f2j7fsea9z
-
MD5
bacc4221cd4d6009fbabd8a7194bb07c
-
SHA1
feb85c565496e6e33ac90352816d35241aa689ca
-
SHA256
1e39fa1f931865fbce1da5c91b4223683333335426733ad41c1bf050a82b44fe
-
SHA512
943c191fa03ec068d7d5534b51462946141706ae1f23ea9d7a5f0971f00c208c6a481822fb76d7b4af7cea2ef06964aa4c62bbf5d90e74a6ca14ff9fef361a50
-
SSDEEP
384:lZyuAFkV6Lk8y85LPjn1m0O6EES+0JKVHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnC2:vHAFksY5ebjn1m0Z2JK2uXQ/ojt2+L
Behavioral task
behavioral1
Sample
bacc4221cd4d6009fbabd8a7194bb07c.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
Hacker
5.tcp.eu.ngrok.io:15728
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
bacc4221cd4d6009fbabd8a7194bb07c.exe
-
Size
43KB
-
MD5
bacc4221cd4d6009fbabd8a7194bb07c
-
SHA1
feb85c565496e6e33ac90352816d35241aa689ca
-
SHA256
1e39fa1f931865fbce1da5c91b4223683333335426733ad41c1bf050a82b44fe
-
SHA512
943c191fa03ec068d7d5534b51462946141706ae1f23ea9d7a5f0971f00c208c6a481822fb76d7b4af7cea2ef06964aa4c62bbf5d90e74a6ca14ff9fef361a50
-
SSDEEP
384:lZyuAFkV6Lk8y85LPjn1m0O6EES+0JKVHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnC2:vHAFksY5ebjn1m0Z2JK2uXQ/ojt2+L
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-