General
-
Target
bfe53411a9a07085ef50a9ab47225f3c
-
Size
14KB
-
Sample
240311-fjyxwscd55
-
MD5
bfe53411a9a07085ef50a9ab47225f3c
-
SHA1
30e398f598c1e0ce5e7105622212d6f540f3f231
-
SHA256
536771f169587a995028982a6c65b9b88edcd6f963c4d7f273b9de9a02fecf54
-
SHA512
70553a229263ac06469ff1c13616ccd9563c11ee96846fc0fd13eeb4540520a8fd2485903b3b822f5979de86cdcba6b9c3238a9fd48353f70fd1c6e5963f9d38
-
SSDEEP
384:L+78SB0uGloWhnCpnxLvvXN+1O8GkNKCog8Lr2RF:E84hGllhCpxjGX8yF
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
setup.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
0.7d
MyBot
127.0.0.1:6522
2bbf84075ffd465a9ebf86f6a24c3618
-
reg_key
2bbf84075ffd465a9ebf86f6a24c3618
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
setup.exe
-
Size
31KB
-
MD5
32f89cfd95ef15edb1ae3531c59666ef
-
SHA1
74fa69bb58da635c0faccaecb077fe342ec2d0cf
-
SHA256
ca43779029d965294ee6113fdd96c458705a67820e3346337c45055a038a1d08
-
SHA512
d2cb6177e9a2a24eab9d45035b4d244f9f67695ca50b385f21957fd7293820032ad8b419d765a0877da332750fee77f54976014856903a649abea09a21d39c5c
-
SSDEEP
768:zRijNXuTthUzxf6rdwA3th9virQmIDUu0tiLyj:4N+KKPsQVkvj
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Privilege Escalation
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1