General
Target: 2240-14-0x00000000011E0000-0x0000000001554000-memory.dmp
Size: 3.5MB
Sample: 240223-zfx1zahf7s
MD5: 5cec3c77e1e2d229f3d68e7776ab8a42
SHA1: 6c3d0a5237bbb39aaa4ba58107b41dfd02d88162
SHA256: c9a5a7c6cd4af76f88d11c806f0a7d5187c8f36a0861c504fd7cf196d64140c4
SHA512: 77c20acf632812e37cb38bfc7a7d55ec6c54461e13b7247be7e1dd02c818dbe24814fd182e4492b2f01e894d28358decbdf20b121acfac673bc3a6bc3da3ca81
SSDEEP: 49152:9HV55beOVyvjpm/bYT4Ir5bxyhkdyIHMb4NnlgiTJUvb5i0x3T:9D5SOCEZIBxyKsbslgaJybB
Behavioral task: behavioral1
Sample: 2240-14-0x00000000011E0000-0x0000000001554000-memory.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2240-14-0x00000000011E0000-0x0000000001554000-memory.exe
Resource: win10v2004-20240221-en
Malware Config (extracted)
Family: njrat
Version: im523
Campaign ID: 2
C2: than-electoral.gl.at.ply.gg:36364
Mutex: 0c8d792f9c21b154330684f6c50ab800
reg_key: 0c8d792f9c21b154330684f6c50ab800
splitter: |'|'|
Targets
Target: 2240-14-0x00000000011E0000-0x0000000001554000-memory.dmp
Size: 3.5MB
Score: 10/10

Signatures:
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Privilege Escalation:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)