General
Target: 7fae9a368a911e86a7e7fb0ca0d30119
Size: 1.1MB
Sample: 240129-m6ntrsgda8
MD5: 7fae9a368a911e86a7e7fb0ca0d30119
SHA1: 0874a642db0811a6225f7a0f4804f14fa7636928
SHA256: 3741cd153a6d0379430136021b3624509f9328c702111665c6f225aa22b5adf2
SHA512: 67b5d7fdcbac8a8da039408e1160a3c378645f1f7e39f91046ace92ca4e9bfbe00b9d87ddebcbb9505feb90fe5f45cae62278b38b3d6e34f5e50bbd6d96fd037
SSDEEP: 24576:46xrSrpDUyHLRv58/6u8Fp3XQwYakCDXgitVpyLESdMW:460DUsLRvS/6u8LXv7DX5Naa
Tasks
Static task: static1
Behavioral task: behavioral1 (sample 7fae9a368a911e86a7e7fb0ca0d30119.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 7fae9a368a911e86a7e7fb0ca0d30119.exe, resource win10v2004-20231215-en)
Malware Config
Extracted family: njrat
Version: 0.7d
Botnet: MyBot
C2: 0.tcp.ngrok.io:14868
Mutex: 11c84c65b260ec60a3037052c26d14fa
reg_key: 11c84c65b260ec60a3037052c26d14fa
splitter: Y262SUCZ4UJJ
Targets
Target: 7fae9a368a911e86a7e7fb0ca0d30119 (hashes as listed under General above)
Score: 10/10
Signatures:
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
Privilege Escalation:
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)