General
Target: 1e28904cacc4be6d50c03fb71171d9a7.exe
Size: 43KB
Sample: 231206-xk25dabh78
MD5: 1e28904cacc4be6d50c03fb71171d9a7
SHA1: 1915e4f915e7e06df9efe1619921ae7960f1cbb2
SHA256: e50bc61300de2d3af137bcd1a5728219fac7e7635bb0ab6050ed4fa380038367
SHA512: 5d3ac9e12ad81ea89d62717ebc65d9a1f9dab173b956741070cca4c551c675e6c91918928835817b8b082632e5f4d7d98e64949d54b8404188983efc044f3df0
SSDEEP: 384:CZy7polQ5GoyyNrl3cXmICEDXH/zIIij+ZsNO3PlpJKkkjh/TzF7pWnZ/greT0pO:wBmolyNrB4LRxuXQ/o0/+L
Behavioral task
behavioral1
Sample: 1e28904cacc4be6d50c03fb71171d9a7.exe
Resource: win7-20231129-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
0.tcp.eu.ngrok.io:15505
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: 1e28904cacc4be6d50c03fb71171d9a7.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2