General
-
Target
c0d00e3956e2dfeadee3ca654d8cb54c.exe
-
Size
43KB
-
Sample
230520-lksp6aec7v
-
MD5
c0d00e3956e2dfeadee3ca654d8cb54c
-
SHA1
0bd886d04f96f4bff5b04c169d0984540fb35300
-
SHA256
b43959f8924a76b63b8300fb1d7f3943736d9c58e8c079e11bb17390949ed894
-
SHA512
90a03de70316c930828b99381867ef1c032ff91ddeb79a4190c09d09225f7d898dda0385b580aa9a465ecf646a25e41cf80bad922adc876e6e1b9228f971899a
-
SSDEEP
384:9ZyYoFkV6Lk8y85nbjX1moyOoE6+0J6dHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnm2:3toFksY5ebjX1moRqJ6uuXQ/oHt2+L
Behavioral task
behavioral1
Sample
c0d00e3956e2dfeadee3ca654d8cb54c.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
Hacker
5.tcp.eu.ngrok.io:15728
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
c0d00e3956e2dfeadee3ca654d8cb54c.exe
-
Size
43KB
-
MD5
c0d00e3956e2dfeadee3ca654d8cb54c
-
SHA1
0bd886d04f96f4bff5b04c169d0984540fb35300
-
SHA256
b43959f8924a76b63b8300fb1d7f3943736d9c58e8c079e11bb17390949ed894
-
SHA512
90a03de70316c930828b99381867ef1c032ff91ddeb79a4190c09d09225f7d898dda0385b580aa9a465ecf646a25e41cf80bad922adc876e6e1b9228f971899a
-
SSDEEP
384:9ZyYoFkV6Lk8y85nbjX1moyOoE6+0J6dHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnm2:3toFksY5ebjX1moRqJ6uuXQ/oHt2+L
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-