General
-
Target
f8a0870efa05a946584fbed3f127a0ce
-
Size
140KB
-
Sample
231228-z35pbsbbc7
-
MD5
f8a0870efa05a946584fbed3f127a0ce
-
SHA1
863f7525d5e1b3ab9071ba8a997039b681f41da2
-
SHA256
a2637fa93fc19f5bb5a533eeebc57e920b9f187d86388814fdee25c53ef5cfb3
-
SHA512
91c2b460fdea3c34985c312ed23414c35712bad69f7ad2db5c226e84bb7a50d5276feee2dde5577009b31ec5e35f607c96dcd9db1c9f40bce83150e32484d31e
-
SSDEEP
3072:kr74AOYuxGwqGoFDyyBaIy28SS0uaw19VIqMMCK0Ih:8NwCgyBaZlSWTVIfpl2
Static task
static1
Behavioral task
behavioral1
Sample
f8a0870efa05a946584fbed3f127a0ce.exe
Resource
win7-20231215-en
Malware Config
Extracted
njrat
0.7d
ahmado57.no-ip.biz:2525
09683c83c082497271a25c792ae6898e
-
reg_key
09683c83c082497271a25c792ae6898e
-
splitter
|'|'|
Targets
-
-
Target
f8a0870efa05a946584fbed3f127a0ce
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1