General
-
Target
ccbb01fa345f6a109dfaadc87cec903d
-
Size
402KB
-
Sample
240316-bll9nahh58
-
MD5
ccbb01fa345f6a109dfaadc87cec903d
-
SHA1
77614ae500014b21fd33c7c00b9b97ded01389ce
-
SHA256
b098525265b592fc3db9008f2becf99f1d71a9bca62a7d04993c3b831780c8d3
-
SHA512
755e7abeddfd91546ef53e04948d506a4b9749e67972d5dc1b924b99c4181bce0438169bc3d94f1f4aa03f3984136636531cceefa472f113139c46c7007c50b2
-
SSDEEP
6144:jmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgl:YSmLAuEY71fviagATFmebVQDcYc5
Behavioral task
behavioral1
Sample
ccbb01fa345f6a109dfaadc87cec903d.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
ccbb01fa345f6a109dfaadc87cec903d
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
- Create or Modify System Process: 1
- Windows Service: 1
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1