General
-
Target
064827f373f0bb93f4616642146a91fc
-
Size
25KB
-
Sample
231224-t69jsscefk
-
MD5
064827f373f0bb93f4616642146a91fc
-
SHA1
99202be7f698c30dbf0c9d4af3efefd7bc0cec4f
-
SHA256
b81766c2273db2979fc060aa926a13b6b560ad446612088371464a606c80fae4
-
SHA512
e75cbd54a310e882bed97052046e784b14e161232a368042a0f37df39579725f9497428aad55714aafdb8452a643ac3e2b9ca6c8b0e793e5949ad2c752179bf4
-
SSDEEP
768:yaVnrEeAvRH+DHOoVeiInaZxekZ9pjOOdPD9:LRExV9oVKUrntJ
Static task
static1
Behavioral task
behavioral1
Sample
064827f373f0bb93f4616642146a91fc.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
064827f373f0bb93f4616642146a91fc.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
im523
aaa
127.0.0.1:5552
192.168.100.4:5552
bdae7bc82fc5afd8ef934e53747b3bda
-
reg_key
bdae7bc82fc5afd8ef934e53747b3bda
-
splitter
|'|'|
Targets
-
-
Target
064827f373f0bb93f4616642146a91fc
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1