General
Target: a919a72ddb960735594d0f4531a33c4b80bac29743ede429cff0c6b87f4c8b5e
Size: 43KB
Sample: 240501-rt9mxshb3t
MD5: 378532ba8c8073c2639528b08b15047b
SHA1: 3e5edec6cf81e91ef76f709b809594065c57f35c
SHA256: a919a72ddb960735594d0f4531a33c4b80bac29743ede429cff0c6b87f4c8b5e
SHA512: 0cff469b5e8a9e9ff1cfceb6ac60ceebcc02fe351a68e1fbec7e2437b0d6471d5560f1ad04a8af385731a69bfa15b3c134bbf5a363888c6ef244d6604d6fa874
SSDEEP: 384:WZyOu1Cj8syWnvr62SneEXM05EAfdz8Iij+ZsNO3PlpJKkkjh/TzF7pWnaN7gref:Mbu04pWvr65lM0znuXQ/orN7+L
Behavioral task: behavioral1
Sample: a919a72ddb960735594d0f4531a33c4b80bac29743ede429cff0c6b87f4c8b5e.exe
Resource: win10v2004-20240419-en
Behavioral task: behavioral2
Sample: a919a72ddb960735594d0f4531a33c4b80bac29743ede429cff0c6b87f4c8b5e.exe
Resource: win11-20240419-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
122948256820
4.tcp.ngrok.io:13841
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: a919a72ddb960735594d0f4531a33c4b80bac29743ede429cff0c6b87f4c8b5e
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2