General
-
Target
13b460b8f80beb10be21a06da0688fb1
-
Size
813KB
-
Sample
231230-kp9zkaefd7
-
MD5
13b460b8f80beb10be21a06da0688fb1
-
SHA1
516a1888c5549b0a8bce51460dfe22dc1cc72171
-
SHA256
73e593d15b334bead509f7063782f835c5375e1ff184ff46797145c95e201f4d
-
SHA512
7fda7acac1197f79e5e0117dcd408f1ae8820e438c736b29a28512cbaa15c5f715efca1e89feb3ca21392538c4ae8e420db4b0623cbefd39c3ee3d6a24b2af25
-
SSDEEP
12288:nynw9K+aZ1wMbyGZI6czU2ai6D3h0kaHHMl8Hs2gX5uVj+9vJ/nXLr:y1+IAai6DbanzZss+9lbr
Static task
static1
Behavioral task
behavioral1
Sample
13b460b8f80beb10be21a06da0688fb1.exe
Resource
win7-20231129-en
Malware Config
Extracted
njrat
0.7d
2021$$$
194.5.98.210:4040
0ef5de3f5b1fb89677ba03e41fa0a05a
-
reg_key
0ef5de3f5b1fb89677ba03e41fa0a05a
-
splitter
|'|'|
Targets
-
-
Target
13b460b8f80beb10be21a06da0688fb1
-
Size
813KB
-
MD5
13b460b8f80beb10be21a06da0688fb1
-
SHA1
516a1888c5549b0a8bce51460dfe22dc1cc72171
-
SHA256
73e593d15b334bead509f7063782f835c5375e1ff184ff46797145c95e201f4d
-
SHA512
7fda7acac1197f79e5e0117dcd408f1ae8820e438c736b29a28512cbaa15c5f715efca1e89feb3ca21392538c4ae8e420db4b0623cbefd39c3ee3d6a24b2af25
-
SSDEEP
12288:nynw9K+aZ1wMbyGZI6czU2ai6D3h0kaHHMl8Hs2gX5uVj+9vJ/nXLr:y1+IAai6DbanzZss+9lbr
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1