General
Target: 8f765e65d34ed4b41023090213e6e6a4
Size: 398KB
Sample: 240204-sgp87aegar
MD5: 8f765e65d34ed4b41023090213e6e6a4
SHA1: 46170806e88fdffcf7c2bc85bfb349bf584c3331
SHA256: a249df49f04a48335ca99708a149c654775f4f22e40e1a5bf2d8d31c104da157
SHA512: a253ae2a6a447aa6227d02685f1463217fba448edb0a22c8dfa6d612f74d09d0c95569603ff2e4f10a3cbf274d1837a9abbe8a8aca1131b3dc5cb60361535836
SSDEEP: 6144:jmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgX:YSmLAuEY71fviagATFmebVQDcYcr

Behavioral task
behavioral1
Sample: 8f765e65d34ed4b41023090213e6e6a4.exe
Resource: win7-20231215-en

Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
reg_key: 5cd8f17f4086744065eb0992a09e05a2
splitter: |'|'|

Targets
Target: 8f765e65d34ed4b41023090213e6e6a4
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
  Windows Service: 1
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1