General
-
Target
cc288fa2228c7d190873b57ec8243d68
-
Size
402KB
-
Sample
240315-xg52vsab94
-
MD5
cc288fa2228c7d190873b57ec8243d68
-
SHA1
061a491b3ccf29625aca075d54491ab641fbed88
-
SHA256
e4b8bc59b29a33a168eaf80ad14e24bf47a66aea31d628ca4e2119d8189831d0
-
SHA512
95a4ed6cdd2f42e110b16830f90e9eeab07f2f2c05208d0fb8f51e6bb9ca0ff35e05b7670d8fd0dc9abdf2457c3a6e5b30b6d8e2b234f9e9d07ab7642f8adc21
-
SSDEEP
6144:6maKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgl:DSmLAuEY71fviagATFmebVQDcYc5
Behavioral task
behavioral1
Sample
cc288fa2228c7d190873b57ec8243d68.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
cc288fa2228c7d190873b57ec8243d68
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1