General
Target: ezgif-7-877e9e740c.gif
Size: 7.0MB
Sample: 240410-3m7ersed93
MD5: bcbf769746ccd3f74edd0696e789e626
SHA1: c97c5a5139b9e1af15a97ea0100e561d5ff0355b
SHA256: 579e68bcf6036b7b29ff7c118ee60ee21dd2f9b122ee566d9513e39fc55f3151
SHA512: 91abe295b56533266f557839cbb3b1f94c1422e8b6626bf9fea787629e7f90bef3f7b24db354122cf5ecd190b90e5fab02412a4d23418f918e7d25801bab9ab6
SSDEEP: 196608:kdr5cO6RqyHk8/hZVSCAGg1rA587sytkSmNF:kdr5cO6RHt/hZUCAGaAIsytkSk
Static task: static1
Behavioral task: behavioral1
Sample: ezgif-7-877e9e740c.gif
Resource: win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
MyBot
127.0.0.1:6522
e203433ab646dcb6773284653923e2d5
reg_key: e203433ab646dcb6773284653923e2d5
splitter: Y262SUCZ4UJJ
Targets
Target: ezgif-7-877e9e740c.gif
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (2)