General
-
Target
7b30da10dc4c0d9f3a452069b582b532
-
Size
2.8MB
-
Sample
240127-y5wc1adbcm
-
MD5
7b30da10dc4c0d9f3a452069b582b532
-
SHA1
2225afc63c009b23d9267ca5d4c7989dd5b11f2c
-
SHA256
2244b3a51771eaffdfe019774f5aeb8c916342e393e766d4bf794e279cf9af1e
-
SHA512
28b97cc62a19532f068fd7f33e664d5b131ddd287cb948d0d1576c084f4a62a92944a0034c6c211f080d14c5897d0e46869ce28e5dd423b08d6b3ab98c1fd2e9
-
SSDEEP
1536:8MnnAmKW2Pf38oAQ8gBjFv4m99BpCDPYH:XAmKW2Pf38oAQ8gBjFv4m99BpCDPYH
Static task
static1
Behavioral task
behavioral1
Sample
7b30da10dc4c0d9f3a452069b582b532.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7b30da10dc4c0d9f3a452069b582b532.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
0.7.3
Client
dontreachme3.ddns.net:3604
EdgeBrowser.exe
-
reg_key
EdgeBrowser.exe
-
splitter
123
Targets
-
-
Target
7b30da10dc4c0d9f3a452069b582b532
-
Size
2.8MB
-
MD5
7b30da10dc4c0d9f3a452069b582b532
-
SHA1
2225afc63c009b23d9267ca5d4c7989dd5b11f2c
-
SHA256
2244b3a51771eaffdfe019774f5aeb8c916342e393e766d4bf794e279cf9af1e
-
SHA512
28b97cc62a19532f068fd7f33e664d5b131ddd287cb948d0d1576c084f4a62a92944a0034c6c211f080d14c5897d0e46869ce28e5dd423b08d6b3ab98c1fd2e9
-
SSDEEP
1536:8MnnAmKW2Pf38oAQ8gBjFv4m99BpCDPYH:XAmKW2Pf38oAQ8gBjFv4m99BpCDPYH
Score10/10-
Turns off Windows Defender SpyNet reporting
-
Looks for VirtualBox Guest Additions in registry
-
Nirsoft
-
Looks for VMWare Tools registry key
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
6Disable or Modify Tools
5Modify Registry
7Virtualization/Sandbox Evasion
2