General
-
Target
b5e1be77b9170945e5281f262cd2b9ab72043a4295b5606eb43eb8362f8cc34c
-
Size
876KB
-
Sample
240524-cncnnshg56
-
MD5
53d77338b57f7f73ede130799c828c78
-
SHA1
fde1433b3e1d764c4418e028c37fd75be95f7908
-
SHA256
b5e1be77b9170945e5281f262cd2b9ab72043a4295b5606eb43eb8362f8cc34c
-
SHA512
f1c315c410581172dd6c52564f172c45203cde2c5e18f7287065fa4023f444b0399f23a1cb6d0ea1ffa861739ae0cdac6ee46b3500a1639298b5fa80b56970b3
-
SSDEEP
24576:R4lavt0LkLL9IMixoEgeaoyXPwq9MmCS:gkwkn9IMHeaolaPCS
Static task
static1
Behavioral task
behavioral1
Sample
b5e1be77b9170945e5281f262cd2b9ab72043a4295b5606eb43eb8362f8cc34c.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b5e1be77b9170945e5281f262cd2b9ab72043a4295b5606eb43eb8362f8cc34c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
PA
127.0.0.1:5552
e229ec82a5ec02373072d0375052096f
-
reg_key
e229ec82a5ec02373072d0375052096f
-
splitter
|'|'|
Targets
-
-
Target
b5e1be77b9170945e5281f262cd2b9ab72043a4295b5606eb43eb8362f8cc34c
-
Size
876KB
-
MD5
53d77338b57f7f73ede130799c828c78
-
SHA1
fde1433b3e1d764c4418e028c37fd75be95f7908
-
SHA256
b5e1be77b9170945e5281f262cd2b9ab72043a4295b5606eb43eb8362f8cc34c
-
SHA512
f1c315c410581172dd6c52564f172c45203cde2c5e18f7287065fa4023f444b0399f23a1cb6d0ea1ffa861739ae0cdac6ee46b3500a1639298b5fa80b56970b3
-
SSDEEP
24576:R4lavt0LkLL9IMixoEgeaoyXPwq9MmCS:gkwkn9IMHeaolaPCS
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1