General
-
Target
3a33929b7a057fe0192bf91aa7c26eb312ef1b1653d106e85c329aa52b0b001b
-
Size
11KB
-
Sample
240419-v8chhsbf8w
-
MD5
b502720eb0645a6aa0e5915b2dc7a006
-
SHA1
775e5961a1cb4421d22282795f5dd4800e687ed4
-
SHA256
3a33929b7a057fe0192bf91aa7c26eb312ef1b1653d106e85c329aa52b0b001b
-
SHA512
847f693c8f8ee17254b722c75e9615f8862e5ba09b9def467ba953be6c15c873640bd489cc44c160a815fdc27ce36601e8a80cf8a15ca9dd30b8bf8be5fee280
-
SSDEEP
192:QKA1F7gTjuiPpl4JNu09geWtOMUa/ucXpDFDb5VZFeHozxB5V2jHHsWsvlknqWvs:DdTjusG9b8jUKNDF5VZcIz/KjHFA8hbO
Behavioral task
behavioral1
Sample
bc77b4592acc8dc3708179fd8719405271052addb074c04db57f0f1699e77708.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
bc77b4592acc8dc3708179fd8719405271052addb074c04db57f0f1699e77708.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
0.7d
HacKed
fallenvrsdo7ne.ddns.net:1177
5a1dceb696560575497ef5faf4d00de1
-
reg_key
5a1dceb696560575497ef5faf4d00de1
-
splitter
|'|'|
Targets
-
Target
bc77b4592acc8dc3708179fd8719405271052addb074c04db57f0f1699e77708.exe
-
Size
23KB
-
MD5
9df2b193396f5be4c1636b0619362ec6
-
SHA1
91803a123fa7ceb1359c797a98632208bc4597d9
-
SHA256
bc77b4592acc8dc3708179fd8719405271052addb074c04db57f0f1699e77708
-
SHA512
bf81c77d2c5528a835721d3d70dabf030a37573dc8c5a1b4cb9a1b714bd66fde4e279881f8783d765c60d6cc279406d0ab7af9028974f2a750088e01bafdd578
-
SSDEEP
384:qY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZb/xP:9L2s+tRyRpcnuQJP
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1