General
Target: b015c11294a789e3cd9b8a709a817ef0949db2702b943d3b31c27cf392f44bcf
Size: 55KB
Sample: 240417-q8k3facb7y
MD5: 6cec7749fe82e138039da4dfbf23dfb3
SHA1: a8839c8144943f243b96f57e9971d8cf7ee6776e
SHA256: b015c11294a789e3cd9b8a709a817ef0949db2702b943d3b31c27cf392f44bcf
SHA512: 9552472f69c649f602cb56ee9aa82b3d4717431cb39fcf9d21345f007a01edba90cc559c732b0fc5170314022dc4bcf1e14cc12411e911e410dee4f9b5f0ef46
SSDEEP: 1536:qqwPE9MFsNpR1iIgLgf4o4D0UlRsObJXIBhMZ:qqwPDFsN/1NgLgf4o+0UlRsObJZ
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: ccd5489042e837a771f04a06fc5296535c2fff338e4d7b6d0585f446f2b0ba6b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ccd5489042e837a771f04a06fc5296535c2fff338e4d7b6d0585f446f2b0ba6b.exe
  Resource: win10v2004-20240412-en
Malware Config (Extracted)
Family: njrat
Version: 0.7d
Botnet: neuf
C2: doddyfire.linkpc.net:10000
Mutex: e1a87040f2026369a233f9ae76301b7b
Attributes
  reg_key: e1a87040f2026369a233f9ae76301b7b
  splitter: |'|'|
Targets
Target: ccd5489042e837a771f04a06fc5296535c2fff338e4d7b6d0585f446f2b0ba6b.exe
Size: 107KB
MD5: e53219c25838d5d1eba21c5608dba74d
SHA1: 63b1c1c5ae014c01986c59a880209083823151b6
SHA256: ccd5489042e837a771f04a06fc5296535c2fff338e4d7b6d0585f446f2b0ba6b
SHA512: f6e3bda1ba52e3d4865cb1e25a3b65091f3fd386d37a2144fee9bbeed331be926cf09e38fd226043416b4e18c2deff30d9ab97b7099532cb3f86d047e0ad6e4b
SSDEEP: 1536:orp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4xtKegoxmOE:w5eznsjsguGDFqGx8egoxmOE
Score: 10/10
Signatures
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)