General
-
Target
021b477ace5e87113272fd8b16830051.bin
-
Size
184KB
-
Sample
240228-bcnfcsfe7x
-
MD5
021b477ace5e87113272fd8b16830051
-
SHA1
d55ddb61b67e53245adc5bd12822ea56f1602820
-
SHA256
e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd
-
SHA512
ef8c8ff1ff3326848becef2615bd2a629dd1eced13c9b9776d75f3a5cfd2e913324422f806264126befdd0d6908d16be081218ab61fe20ef95111cf9a41c8817
-
SSDEEP
3072:qUZiBJUB7JXbbkiTIR4JQffGaJNnN7SD+631zmh6Ty1:hiBWBdbkiTIR4ufGaJNnN7SC631zmh6+
Static task
static1
Behavioral task
behavioral1
Sample
021b477ace5e87113272fd8b16830051.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
021b477ace5e87113272fd8b16830051.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
HacKed
18.ip.gl.ply.gg:43389
4ac5522ba6619835b9ac056e603570c4
-
reg_key
4ac5522ba6619835b9ac056e603570c4
-
splitter
|'|'|
Targets
-
-
Target
021b477ace5e87113272fd8b16830051.bin
-
Size
184KB
-
MD5
021b477ace5e87113272fd8b16830051
-
SHA1
d55ddb61b67e53245adc5bd12822ea56f1602820
-
SHA256
e31f4f05884e97c569d6641257f40c4634004565874178c122817538e89948bd
-
SHA512
ef8c8ff1ff3326848becef2615bd2a629dd1eced13c9b9776d75f3a5cfd2e913324422f806264126befdd0d6908d16be081218ab61fe20ef95111cf9a41c8817
-
SSDEEP
3072:qUZiBJUB7JXbbkiTIR4JQffGaJNnN7SD+631zmh6Ty1:hiBWBdbkiTIR4ufGaJNnN7SC631zmh6+
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1