General
-
Target
d55e8fe10d36bfd5d291b9fb4793a9f6
-
Size
611KB
-
Sample
240319-gnjjfacd6t
-
MD5
d55e8fe10d36bfd5d291b9fb4793a9f6
-
SHA1
aa033731614610977e8db7e404af3d905da373f7
-
SHA256
7479057c61a73dfd0181c47e74033ff744574da2566061cdc650b2d260024c63
-
SHA512
97fd4addb0ebbd6be4af045665d358cfa93868e0e78202afc3b7abb5dd87a9134e147500f839fab04f4d74f358336b3a7389bc2826c3406ec77c058644c24c45
-
SSDEEP
12288:+RZ+IoG/n9IQxW3OBseTTkb08VPSqt9A0j4Kt4s:I2G/nvxW3W9eJPvUwtt4s
Static task
static1
Behavioral task
behavioral1
Sample
d55e8fe10d36bfd5d291b9fb4793a9f6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d55e8fe10d36bfd5d291b9fb4793a9f6.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
MyBot
10.0.2.15:6522
e47bb139645326129cb781b1c493f663
-
reg_key
e47bb139645326129cb781b1c493f663
-
splitter
Y262SUCZ4UJJ
Targets
Target
d55e8fe10d36bfd5d291b9fb4793a9f6
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1