General
-
Target
e156e4c4bc20ba58c2bcb9288aed64be
-
Size
402KB
-
Sample
240327-lgdrtshc67
-
MD5
e156e4c4bc20ba58c2bcb9288aed64be
-
SHA1
45366a3436de9f409a4466e199307c0f7aaeb01d
-
SHA256
37d7fdbb09f6d023f81bf11197ce62c3b4b0ce5d5e854548bc81689837e6e674
-
SHA512
2ae450d282c49d36fcf6ab67db895d83b853bf659a71315e475b7909dfa59e86836fae7ddb857b6c27ededc7fbf4daeb642aad8495b672fff553b6da59757f2b
-
SSDEEP
6144:ImaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgW:pSmLAuEY71fviagATFmebVQDcYc6
Behavioral task
behavioral1
Sample
e156e4c4bc20ba58c2bcb9288aed64be.exe
Resource
win7-20240221-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1