General
Target: cd7155830f21ba56b24544552ca24ae9
Size: 402KB
Sample: 240316-h19rtsed4v
MD5: cd7155830f21ba56b24544552ca24ae9
SHA1: b4fdc9a9aff7ed994c8a546203fc26e765d7abb0
SHA256: 95b0a303bc7b31ff4ff22cd8cb98d5c3b9e34e39a925c091855b0858f6a2d9dc
SHA512: 6a67334c13236d04b61b064e5bfd0a6d414aa3343947738ea320e480697129080e382a0fffffa1fefa38bea13ae1255b43dc48009746f62d6fd26e408454abac
SSDEEP: 6144:EmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgl:tSmLAuEY71fviagATFmebVQDcYc5
Behavioral task
behavioral1
Sample: cd7155830f21ba56b24544552ca24ae9.exe
Resource: win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
reg_key: 5cd8f17f4086744065eb0992a09e05a2
splitter: |'|'|
Targets
Target
cd7155830f21ba56b24544552ca24ae9
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)