General
-
Target
af7a066fd0f8019f24d87e5242cbc629
-
Size
123KB
-
Sample
240229-zzlr2scf3v
-
MD5
af7a066fd0f8019f24d87e5242cbc629
-
SHA1
c87326b2f5183e4db7a2847598454d5312487a0b
-
SHA256
8439c9df064fdbfcae73b11a271f8b1e6f39d03a80fedd5872b15ca5a4d3a9f9
-
SHA512
22b66434d06c62468e79628a7720134e033c72f9283a55b97c5a9a6ba04d063dd9a38d577e54f34659cebcbd7963b2559638e10d7f96edb18257aeccb7e60a77
-
SSDEEP
3072:aX+UKi+caHs8qOHg4+s+NRBYVOgxrk0Pq:y2XHQCOgCm
Static task
static1
Behavioral task
behavioral1
Sample
af7a066fd0f8019f24d87e5242cbc629.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
af7a066fd0f8019f24d87e5242cbc629.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
279f6960ed84a752570aca7fb2dc1552
-
reg_key
279f6960ed84a752570aca7fb2dc1552
-
splitter
|'|'|
Targets
-
-
Target
af7a066fd0f8019f24d87e5242cbc629
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1