General
-
Target
b19d20861e79e342ae571f5198546818
-
Size
402KB
-
Sample
240304-jxmzbsde2z
-
MD5
b19d20861e79e342ae571f5198546818
-
SHA1
579eab25110ce1dc1ec0dac817b1ea71c0791493
-
SHA256
b71750eaf472120c88c0fc07e402c586ca7799a85f899564e4356ed0695aa172
-
SHA512
8641e1e7a43213a735580d0252ba6156969c2a302d2df648fac9b79d5437a6b49088131518f7b6f31f7e245da34d93cec9b2a045209f427f7b555d32ab70d300
-
SSDEEP
6144:CmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgW:7SmLAuEY71fviagATFmebVQDcYc6
Behavioral task
behavioral1
Sample
b19d20861e79e342ae571f5198546818.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
b19d20861e79e342ae571f5198546818
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1