General
Target: Client.exe
Size: 31KB
Sample: 240313-n11f2scc61
MD5: 3ce444389f8dc68a81ea82e8775723a9
SHA1: d346636f547906bb0225ddf4d2eeef0ed880af4f
SHA256: 7e399ef14f368b8e882f690e82c70a8f5a2f464ace15f4653ad6125c1785daa4
SHA512: eeed55953a368115d2773d30b816e0e16d8b883a20b9c19087c209393c11633d0019b730ac6c800e669cfdf39faea1d72c7bfd5569ff1b761843bdd3fdf29cb3
SSDEEP: 768:x/ChqdzNB0zx/6LAnm3+XdvizQmIDUu0tiVxj:g6KzpUQVkSj
Behavioral task: behavioral1
Sample: Client.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: Client.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
MyBot
mangaforme.cloud:2222
a215eccef42e46ff2e7a6b71e0e8a433
reg_key: a215eccef42e46ff2e7a6b71e0e8a433
splitter: Y262SUCZ4UJJ
Targets
Target: Client.exe
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1