Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: HacKed
C2:
  hakim32.ddns.net:2000
  127.0.0.1:5552
Mutex: a2e4fedbad6ea827f955576851f35c79
Attributes:
  reg_key: a2e4fedbad6ea827f955576851f35c79
  splitter: |'|'|
Targets
Disables Task Manager via registry modification
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
Drops file in System32 directory