General
-
Target
af290b8ff78113678bd4828d9e446ad6
-
Size
455KB
-
Sample
240229-w1b3fsgg5z
-
MD5
af290b8ff78113678bd4828d9e446ad6
-
SHA1
68581f15f701792ef96e95bbfce8b072648b9a70
-
SHA256
7cbea2906a3099a25b10fd3019a29a5b0f811181e99615dac59c807ff38f6a7a
-
SHA512
9d895d28271bf392b0294eff8af6415a9d31683c848515ea1079f5612ea807ade6e22e58fe7bc3636a3238c68e2e0aaae49505629cecc02d7eb14eaddd456f05
-
SSDEEP
6144:tdwYPCCUKFZbWo5xCQ70ThcE6f7fAwHLDjWoGhX1rv:tFfyEAqAp
Static task
static1
Behavioral task
behavioral1
Sample
af290b8ff78113678bd4828d9e446ad6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
af290b8ff78113678bd4828d9e446ad6.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
HacKed
doza122.con-ip.com:5552
84398377c5556d3df54a82be74cfa960
-
reg_key
84398377c5556d3df54a82be74cfa960
-
splitter
|'|'|
Targets
-
-
Target
af290b8ff78113678bd4828d9e446ad6
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)