General

Target: 5c75ff9a14e32b1e2b494e8446f1668e
Size: 3.7MB
Sample: 240115-h2mcxscec9
MD5: 5c75ff9a14e32b1e2b494e8446f1668e
SHA1: 2fa6bcb8a28a319e41c9f0a07e347ffd20641e9a
SHA256: c17ed1830c9f10d07c87721dc0730c058cc28b563e2615fd93be7eae76145d34
SHA512: 49246274856e7d82e68f50cfca5d961e3a6be01f2d3d27e45b510901edec2168d83053d05bb94d228f825796eefc9671fc12370c2c1665fe26e992934fc668b3
SSDEEP: 98304:+Q97hLupbss/hAHfqeTPpmBYq9cIF4WRQFEL271NB13mX:hTuxA/qe4BYq+wRCpbzmX
Static task: static1
Behavioral task: behavioral1
  Sample: 5c75ff9a14e32b1e2b494e8446f1668e.exe
  Resource: win7-20231215-en
Malware Config

Extracted family: njrat
Version: 0.7d
Server: bozok3377.duckdns.org:5552
452c71391e344a3a8cea9d88625e6b6f
reg_key: 452c71391e344a3a8cea9d88625e6b6f
splitter: |'|'|
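The extracted config gives the C2 endpoint and the string njRAT uses to separate fields inside its messages. As an added example (not part of the sandbox report, and not traffic from this sample), the Python below splits a captured TCP byte stream into njRAT frames and breaks each frame on the configured splitter. The framing it assumes (an ASCII decimal length, a NUL byte, then that many payload bytes) and the registration-style message it parses are assumptions and constructed test data respectively; only the host, port and splitter come from the config above.

```python
"""Split an njRAT C2 byte stream into frames using the splitter from the extracted config.

Added example, not from the sandbox report. Assumed framing (not stated on the page):
each message is an ASCII decimal length, a NUL byte, then that many payload bytes;
fields inside the payload are separated by the configured splitter.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Values taken from the extracted config above.
C2_HOST = "bozok3377.duckdns.org"
C2_PORT = 5552
SPLITTER = "|'|'|"


@dataclass
class Frame:
    command: str
    fields: List[str] = field(default_factory=list)


def encode_frame(payload: bytes) -> bytes:
    """Build one frame in the assumed <length>\\x00<payload> layout."""
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def split_frames(stream: bytes) -> Tuple[List[bytes], bytes]:
    """Return (complete frame payloads, unconsumed trailing bytes).

    Raises ValueError when a length prefix is not decimal, so a caller can
    reject streams that merely happen to contain a NUL byte.
    """
    frames: List[bytes] = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break  # no complete length prefix yet
        prefix = stream[pos:nul]
        if not prefix.isdigit():
            raise ValueError(f"non-numeric length prefix at offset {pos}: {prefix!r}")
        length = int(prefix)
        end = nul + 1 + length
        if end > len(stream):
            break  # frame is truncated; keep the remainder for the next read
        frames.append(stream[nul + 1:end])
        pos = end
    return frames, stream[pos:]


def parse_frame(payload: bytes, splitter: str = SPLITTER) -> Frame:
    """Split a frame payload on the configured splitter; the first field is the command."""
    parts = payload.decode("utf-8", errors="replace").split(splitter)
    return Frame(command=parts[0], fields=parts[1:])


def looks_like_njrat(stream: bytes, splitter: str = SPLITTER) -> bool:
    """True when the stream frames cleanly and at least one frame carries the splitter."""
    try:
        frames, _ = split_frames(stream)
    except ValueError:
        return False
    return any(splitter.encode("utf-8") in f for f in frames)


# Constructed sample: a keep-alive (empty payload) followed by a fake
# registration-style message. The field values are made up for this example.
REGISTRATION = SPLITTER.join(
    ["ll", "dGVzdA==", "LAB-PC", "lab", "24-01-15", "", "Win 7 Ultimate SP1 x86", "No", "0.7d"]
).encode("utf-8")
SAMPLE_STREAM = encode_frame(b"") + encode_frame(REGISTRATION)

if __name__ == "__main__":
    frames, rest = split_frames(SAMPLE_STREAM)
    for f in frames:
        print(parse_frame(f))
    print("njrat-like:", looks_like_njrat(SAMPLE_STREAM), "leftover bytes:", len(rest))
```

Feed `split_frames` the bytes of one TCP direction from a pcap and pass the unconsumed remainder back in with the next segment; the splitter check is what distinguishes this family's frames from any other NUL-delimited protocol, so keep it tied to the value recovered from the config rather than hard-coding `|'|'|` for every build.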
Targets

Target: 5c75ff9a14e32b1e2b494e8446f1668e
Size: 3.7MB
MD5: 5c75ff9a14e32b1e2b494e8446f1668e
SHA1: 2fa6bcb8a28a319e41c9f0a07e347ffd20641e9a
SHA256: c17ed1830c9f10d07c87721dc0730c058cc28b563e2615fd93be7eae76145d34
SHA512: 49246274856e7d82e68f50cfca5d961e3a6be01f2d3d27e45b510901edec2168d83053d05bb94d228f825796eefc9671fc12370c2c1665fe26e992934fc668b3
SSDEEP: 98304:+Q97hLupbss/hAHfqeTPpmBYq9cIF4WRQFEL271NB13mX:hTuxA/qe4BYq+wRCpbzmX

Signatures

- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (for njRAT builds the Run value is normally named after the config's reg_key, here 452c71391e344a3a8cea9d88625e6b6f)
- Suspicious use of SetThreadContext (commonly seen with process hollowing or thread-context hijacking; the report does not name the target process)
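The persistence and firewall signatures above are the artefacts a responder would look for on a suspected host. As an added example (not part of the sandbox report), the Python below matches a `reg query` dump, a Startup-folder listing and a set of process command lines against the config's reg_key and against the netsh firewall-exception commands njRAT builds typically run. It assumes the dropped Startup-folder copy is named after reg_key, as is usual for this family; the registry output, directory listing and command lines are constructed test data, not evidence from this run.

```python
"""Check host artefacts for the persistence this report describes.

Added example, not from the sandbox report. The Run value name and Startup
folder file name are matched against the config's reg_key; the firewall check
looks for the netsh invocation njRAT builds typically use. The registry dump,
directory listing and command lines below are constructed test data.
"""
import re
from typing import Dict, List, Tuple

REG_KEY = "452c71391e344a3a8cea9d88625e6b6f"  # reg_key from the extracted config

# One value line of `reg query <key> /s` output: name, REG_* type, data.
RE_VALUE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")

# Firewall exceptions added from the command line (legacy and advfirewall syntax).
RE_NETSH = re.compile(
    r"\bnetsh\b.*\b(firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)\b",
    re.IGNORECASE,
)


def find_run_value_hits(reg_query_output: str, reg_key: str = REG_KEY) -> List[Tuple[str, str, str]]:
    """Return (key path, value name, data) for Run values named after reg_key."""
    hits: List[Tuple[str, str, str]] = []
    current_key = ""
    for line in reg_query_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line is a key path header
            current_key = line.strip()
            continue
        m = RE_VALUE.match(line)
        if m and m.group(1).strip().lower() == reg_key.lower():
            hits.append((current_key, m.group(1).strip(), m.group(3).strip()))
    return hits


def find_startup_hits(listing: List[str], reg_key: str = REG_KEY) -> List[str]:
    """Startup-folder entries whose file name contains reg_key (assumed <reg_key>.exe)."""
    return [name for name in listing if reg_key.lower() in name.lower()]


def find_firewall_hits(command_lines: List[str]) -> List[str]:
    """Command lines that add a Windows Firewall exception via netsh."""
    return [c for c in command_lines if RE_NETSH.search(c)]


def triage(reg_query_output: str, listing: List[str], command_lines: List[str],
           reg_key: str = REG_KEY) -> Dict[str, list]:
    """Run all three checks and return the hits per artefact type."""
    return {
        "run_values": find_run_value_hits(reg_query_output, reg_key),
        "startup_files": find_startup_hits(listing, reg_key),
        "firewall_changes": find_firewall_hits(command_lines),
    }


# Constructed test data (not collected from this sample's sandbox run).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    452c71391e344a3a8cea9d88625e6b6f    REG_SZ    "C:\Users\lab\AppData\Local\Temp\server.exe" ..

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""
SAMPLE_STARTUP = ["desktop.ini", "452c71391e344a3a8cea9d88625e6b6f.exe"]
SAMPLE_CMDLINES = [
    'netsh firewall add allowedprogram "C:\\Users\\lab\\AppData\\Local\\Temp\\server.exe" "server.exe" ENABLE',
    "C:\\Windows\\System32\\svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_REG_QUERY, SAMPLE_STARTUP, SAMPLE_CMDLINES).items():
        print(kind, "->", hits)
```

On a live host the inputs would come from `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /s` (and the HKLM equivalent), a listing of the user's Startup folder, and process-creation telemetry; matching on the reg_key rather than on a file path survives the sample being dropped under a different name or directory.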
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 hit

Privilege Escalation
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 hit