General
-
Target
e80e5d7d57dc52dcf1f56b40f53e206a3cc45f6f83cfa2d6b4a917a795366845
-
Size
23KB
-
Sample
240523-expqpsdf99
-
MD5
1b31f5605c12450df3c7e6eb1431c8b9
-
SHA1
85559db03fbf8b08323067c32bf3916f6e4db2d6
-
SHA256
e80e5d7d57dc52dcf1f56b40f53e206a3cc45f6f83cfa2d6b4a917a795366845
-
SHA512
9a0f351661d898a2cdf1fee5309feefd1edaecb16c8a89932a9f978a33354f59b11157c6f306c699128dec463f1780a43d198024060fb4f69a97d3a07c3f2c6a
-
SSDEEP
384:dslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZ6D:OeEvwIlLMRpcnuj
Behavioral task
behavioral1
Sample
e80e5d7d57dc52dcf1f56b40f53e206a3cc45f6f83cfa2d6b4a917a795366845.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
e80e5d7d57dc52dcf1f56b40f53e206a3cc45f6f83cfa2d6b4a917a795366845.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
njrat
0.7d
HacKed
10.10.10.10:5552
0dc24807523d3cd24b54cd0996e4c49b
-
reg_key
0dc24807523d3cd24b54cd0996e4c49b
-
splitter
|'|'|
Targets
-
-
Target
e80e5d7d57dc52dcf1f56b40f53e206a3cc45f6f83cfa2d6b4a917a795366845
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)