General

  • Target

    Setup.exe

  • Size

    93KB

  • Sample

    240621-njg85sxfkh

  • MD5

    1c70d97bb9a9a08845affc675e99e8f4

  • SHA1

    91171b4d3dc000bc840f207008707966ee08f965

  • SHA256

    b001b441531e443c2c693971ca9f26837d0492c161634d29ba29dda5d5871960

  • SHA512

    b8db5aa7f8d93c10ba4d34ec9ab2093589772a344aa37d4676e5d8369949052504a52dd568e9af6de17706554c5c1d1c01537f9d853603d77759680a8c6c5d91

  • SSDEEP

    1536:yOpnEoSnsqS5ut9YLR8SjEwzGi1dDjD5gS:yOVSnsqS5uTYL+7i1dj2

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DLVIL

C2

hakim32.ddns.net:2000

remember-sail.gl.at.ply.gg:33823

Mutex

cc8d5a61a0143f7be473e15ca7d2ba14

Attributes
  • reg_key

    cc8d5a61a0143f7be473e15ca7d2ba14

  • splitter

    |'|'|
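The splitter and C2 values above are enough to recognise and field-split this family's traffic. Below is an added example (not part of the sandbox report) that decodes a captured njRAT-style client stream using them. The framing it assumes, an ASCII decimal length, a NUL byte, then that many payload bytes with fields joined by the splitter, comes from public njRAT write-ups, not from this report; the sample traffic, the `inf` command word and the victim-id string are constructed for the demonstration.

```python
"""Parse njRAT-style C2 traffic using the splitter extracted from this sample.

Added example, not part of the sandbox report. Framing assumption (from public
njRAT write-ups, not from this report): each message on the wire is an ASCII
decimal length, a NUL byte, then that many payload bytes; fields inside a
payload are joined with the configured splitter.
"""
import base64

SPLITTER = "|'|'|"                           # 'splitter' attribute from this report
C2 = {("hakim32.ddns.net", 2000),            # C2 entries from this report
      ("remember-sail.gl.at.ply.gg", 33823)}


def build_frame(fields):
    """Encode one message as '<len>' NUL payload. Used here only to construct test traffic."""
    body = SPLITTER.join(fields).encode("utf-8")
    return str(len(body)).encode("ascii") + b"\x00" + body


def parse_frames(stream: bytes):
    """Return the complete payloads in a stream; a trailing partial frame is
    left for the next read instead of being mis-parsed."""
    frames, pos = [], 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                            # no length terminator yet
        length_str = stream[pos:nul]
        if not length_str.isdigit():
            raise ValueError(f"non-numeric length prefix at offset {pos}")
        start = nul + 1
        end = start + int(length_str)
        if end > len(stream):
            break                            # frame not fully received
        frames.append(stream[start:end])
        pos = end
    return frames


def split_fields(payload: bytes):
    """Split a payload on the splitter; the first field is the command word."""
    return payload.decode("utf-8", errors="replace").split(SPLITTER)


def is_c2(host: str, port: int) -> bool:
    """True if the destination matches a C2 endpoint from this report."""
    return (host.lower(), port) in C2


def triage_stream(stream: bytes, dst_host: str, dst_port: int):
    """Summarise a captured client->server stream for an analyst."""
    messages = [split_fields(f) for f in parse_frames(stream)]
    commands = [m[0] for m in messages]
    # njRAT registers with an 'll' message; the splitter appearing in the
    # first frame is the strongest content indicator the config gives us.
    looks_like_njrat = bool(messages) and commands[0] == "ll" and len(messages[0]) > 1
    return {
        "frames": len(messages),
        "commands": commands,
        "c2_match": is_c2(dst_host, dst_port),
        "njrat_like": looks_like_njrat,
    }


# Constructed sample traffic (not from the report): a registration message,
# a second command ('inf' is a placeholder), then a partial frame still in flight.
SAMPLE_STREAM = (
    build_frame(["ll", base64.b64encode(b"constructed-victim-id").decode(),
                 "DESKTOP-TEST", "alice", "Win 7", "0.7d"])
    + build_frame(["inf", "DLVIL"])
    + b"12\x00trunc"
)

if __name__ == "__main__":
    print(triage_stream(SAMPLE_STREAM, "hakim32.ddns.net", 2000))
```

The parser deliberately stops on an incomplete trailing frame rather than raising, so it can be fed successive TCP segments; a non-numeric length prefix, by contrast, means the stream is not framed the way we assumed and is reported as an error.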

Targets

    • Target

      Setup.exe

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
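The behaviours listed above are the host-side indicators an analyst would hunt for on endpoints. The following added example (not part of the sandbox report) runs simple detection logic over Sysmon-style events for four of them: a firewall exception added via netsh, a Run-key value named with this sample's reg_key (or pointing into a user-writable path), an autorun.inf written to a drive root, and an executable written into System32 by a process running from a user profile. The events are constructed to look like Sysmon process-create (ID 1), file-create (ID 11) and registry value-set (ID 13) records; paths, SIDs and command lines are placeholders, not observations from this sample.

```python
"""Hunt for the host-side behaviours this report lists, over Sysmon-style events.

Added example, not part of the sandbox report. The events below are constructed
to look like Sysmon process-create (ID 1), file-create (ID 11) and registry
value-set (ID 13) records; real telemetry would be read from the event log.
"""
import re

REG_KEY = "cc8d5a61a0143f7be473e15ca7d2ba14"   # 'reg_key' attribute from this report

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[A-Z]:\\autorun\.inf$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\[^\\]+\.exe$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\", re.IGNORECASE)


def match_event(ev):
    """Return the names of the report signatures a single event matches."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:
        cmd = ev.get("CommandLine", "").lower()
        if "netsh" in ev.get("Image", "").lower() and (
                "allowedprogram" in cmd or "advfirewall firewall add rule" in cmd):
            hits.append("Modifies Windows Firewall")
    elif eid == 11:
        path = ev.get("TargetFilename", "")
        if AUTORUN_RE.match(path):
            hits.append("Drops autorun.inf file")
        # An EXE landing directly in System32 from a user-profile process is
        # suspicious; system images writing there are expected noise.
        if SYSTEM32_RE.match(path) and USER_WRITABLE_RE.match(ev.get("Image", "")):
            hits.append("Drops file in System32 directory")
    elif eid == 13:
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if m:
            value_name = m.group(1)
            if value_name.lower() == REG_KEY:
                hits.append("Drops startup file (njRAT reg_key)")
            elif USER_WRITABLE_RE.match(ev.get("Details", "")):
                hits.append("Drops startup file")
    return hits


def hunt(events):
    """Map each matched signature name to the indices of the events that fired it."""
    found = {}
    for i, ev in enumerate(events):
        for name in match_event(ev):
            found.setdefault(name, []).append(i)
    return found


# Constructed events (not from the report); paths and SIDs are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh firewall add allowedprogram "C:\Users\alice\AppData\Roaming\Setup.exe" "Setup.exe" ENABLE'},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Roaming\Setup.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\cc8d5a61a0143f7be473e15ca7d2ba14",
     "Details": r"C:\Users\alice\AppData\Roaming\Setup.exe .."},
    {"EventID": 11, "Image": r"C:\Users\alice\AppData\Roaming\Setup.exe",
     "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\something.log"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe readme.txt"},
]

if __name__ == "__main__":
    for name, idx in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The Run-key rule fires on the exact reg_key value from this report first, and falls back to a generic "autostart pointing into a user profile" heuristic so that a rebuilt sample with a different key is still caught; the System32 rule is intentionally scoped to user-profile writers to keep installer and servicing noise out.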
