General
Target
https://cdn.discordapp.com/attachments/1213309278405009448/1223268855993073826/Client.rar?ex=66193ce6&is=6606c7e6&hm=fa9b2e0f46ec8877b7ed0fc57787425dd130e2833520bcb8feb4392720428715&
Sample
240329-q7tcesaf33
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1213309278405009448/1223268855993073826/Client.rar?ex=66193ce6&is=6606c7e6&hm=fa9b2e0f46ec8877b7ed0fc57787425dd130e2833520bcb8feb4392720428715&
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
MyBot
registration-nil.gl.at.ply.gg:5491
434167607980ddda6f76c73ec060396d
reg_key
434167607980ddda6f76c73ec060396d
splitter
Y262SUCZ4UJJ
Targets
Target
https://cdn.discordapp.com/attachments/1213309278405009448/1223268855993073826/Client.rar?ex=66193ce6&is=6606c7e6&hm=fa9b2e0f46ec8877b7ed0fc57787425dd130e2833520bcb8feb4392720428715&
Score 10/10
Modifies Windows Firewall
Drops startup file
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)