General

  • Target

    Feather Nowy Patch.exe

  • Size

    93KB

  • Sample

    240621-m51ryaxbjg

  • MD5

    be218e2ceb4d25801279721a0e40f6ad

  • SHA1

    45e45898d92be64ce31352693068e583f6305e91

  • SHA256

    5e205cca2f9ad3518674667668af7abbc83e040458d85543bea93c992c8e3a00

  • SHA512

    e1c788c80be433c645eb91751c4e8b32ed84552cf6cf9ab0e9e8d1147979e274438a700fba80972d8599b1c8143935240ec95e76bc4a6778107a85e3a8d2e53c

  • SSDEEP

    1536:HuD6xreTKsKgrO9w/5NjEwzGi1dDiD6gS:Hu9KsKgrOeh6i1dU/

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Debil

  • C2

    hakim32.ddns.net:2000

    lake-french.gl.at.ply.gg:33694

  • Mutex

    5d215efb685d488d29cc52d66504493b

  • Attributes

    reg_key: 5d215efb685d488d29cc52d66504493b

    splitter: |'|'|

Targets

    • Target

      Feather Nowy Patch.exe

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
