General
-
Target
c69f22c8a78384d370df54e22417a0cf
-
Size
402KB
-
Sample
240313-xjjxeach6z
-
MD5
c69f22c8a78384d370df54e22417a0cf
-
SHA1
a02ad82479fcf264bfc0b9f0af3d23ff3ee3cf71
-
SHA256
dcca2bc3daf94e234cd8a7a905a17685fd6bfe1dfa507c2376b5cec4e825f6fe
-
SHA512
302e6e488157d5209d5eb7d88890ed24249395229c0fd90537603bc7e602afd31d4954ca8a5a3b0b634f56b7a46a323c4dd1f8799eafe012a2b14af891cdeb7c
-
SSDEEP
6144:NmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgN:6SmLAuEY71fviagATFmebVQDcYcp
Behavioral task
behavioral1
Sample
c69f22c8a78384d370df54e22417a0cf.exe
Resource
win7-20240220-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1