General

  • Target

    Feather Patch Nowy.exe

  • Size

    93KB

  • Sample

    240621-lm46zavcre

  • MD5

    d0029523bd6817f23d13054759e8ce33

  • SHA1

    c62d8e3a75623581e8f8f1a1c7af715e05190b44

  • SHA256

    2f88bb74f026433ef2b729aef73d10264fa8d4f8470e6aba7c7d9e6fd69014c1

  • SHA512

    beb960aa43b39733e15ccc4e29af59e32cced5909c01d32b40f489b4a36a90a8660a4029a849239008426292bef12fc12e01427e46b9983a7fe00ceb2dcd7c30

  • SSDEEP

    1536:suD6xreTKsKgrO93/5NjEwzGi1dDL6DggS:su9KsKgrOph6i1dgJ

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    DEVIL

  • C2

    hakim32.ddns.net:2000

    lake-french.gl.at.ply.gg:33694

  • Mutex

    91a5e7dc7357b4e2494ea04a686e134a

Attributes

  • reg_key

    91a5e7dc7357b4e2494ea04a686e134a

  • splitter

    |'|'|

Targets

    • Target

      Feather Patch Nowy.exe

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks