General

  • Target

    Feather nowy Patch!.exe

  • Size

    93KB

  • Sample

    240621-mnhj2awekb

  • MD5

    80d166210cd7fad5702d812548afb620

  • SHA1

    f7f27ecba8b819eb0cbbf8f52cc61bd34445a46d

  • SHA256

    8361a51be1cb3118af3c0055078e6406ebbb39df670ae0d652e94481721b6e0f

  • SHA512

    5e22c1915b6065e2f3427de34b821f996320d9fd6a05cb1609697a21bb0fa6fc78f474b0f60a660b9823126ac2e01d333e2aa38d6190ae8ec7d1f24141a5b25d

  • SSDEEP

    1536:FGKPWSwWbaDNul2O1qjEwzGi1dDiDegS:FGbPWbaDNu8eTi1dED

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Debil

C2

hakim32.ddns.net:2000

wandering-pond-92780.pktriot.net:8191

Mutex

59d5f4f897b66ddcc23b4efd7795be0f

Attributes
  • reg_key

    59d5f4f897b66ddcc23b4efd7795be0f

  • splitter

    |'|'|

Targets

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
