General
Target: a5785b42b8dd7192cefb84b38e7ba0e9
Size: 402KB
Sample: 240226-ffvfasdf7z
MD5: a5785b42b8dd7192cefb84b38e7ba0e9
SHA1: 25866d61f4291720797c5f7f5d5ea5f5c988be22
SHA256: 49d0d4770eb085e0880bcd9ccb5f36c8a79ad63ba104c1cb6d702eb75d448ec7
SHA512: 1f25adcfe16144e6fc7bad45de98846abe423f5d018a366288df45976cfba8c234fb6d3b2144bea4a0a50d5bc79f9e69a810bd978ca1520bf93b2e250b06de52
SSDEEP: 6144:2maKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgW:XSmLAuEY71fviagATFmebVQDcYc6
Behavioral task: behavioral1
Sample: a5785b42b8dd7192cefb84b38e7ba0e9.exe
Resource: win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
reg_key: 5cd8f17f4086744065eb0992a09e05a2
splitter: |'|'|
Targets
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1