General
-
Target
4266162511897dafbb0e9428da74d3a0N.exe
-
Size
309KB
-
Sample
240718-bpbmbs1hmg
-
MD5
4266162511897dafbb0e9428da74d3a0
-
SHA1
eb2541ece45e3f3a66236be147389c785a8b3560
-
SHA256
f4cd82ce764e25ecbf3b5c7eae612b80ead673fd0972bbb2ade03d13e7cb04d0
-
SHA512
96b9f524d625b7febf3d6597114514bc455437a7e5fea440bb5a68fac0d18cbc41763c16f6688656a834112ac87e295fcf9313777899fe406d5392eb601ba921
-
SSDEEP
6144:4mSKwEPJdpCL/pkwU0Z2e/epMzFaguuuuuuuuuuuuuuuuuuuu6111111111GuuuT:4mSmpCLBkwFkWw1111111111PW8Gh
Static task
static1
Behavioral task
behavioral1
Sample
4266162511897dafbb0e9428da74d3a0N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4266162511897dafbb0e9428da74d3a0N.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
njrat
0.7d
hhhhhhhhhhhh
147.185.221.20:36100
f656afb493902a1bbc08f2be8001048a
-
reg_key
f656afb493902a1bbc08f2be8001048a
-
splitter
|'|'|
Targets
-
-
Target
4266162511897dafbb0e9428da74d3a0N.exe
-
Size
309KB
-
MD5
4266162511897dafbb0e9428da74d3a0
-
SHA1
eb2541ece45e3f3a66236be147389c785a8b3560
-
SHA256
f4cd82ce764e25ecbf3b5c7eae612b80ead673fd0972bbb2ade03d13e7cb04d0
-
SHA512
96b9f524d625b7febf3d6597114514bc455437a7e5fea440bb5a68fac0d18cbc41763c16f6688656a834112ac87e295fcf9313777899fe406d5392eb601ba921
-
SSDEEP
6144:4mSKwEPJdpCL/pkwU0Z2e/epMzFaguuuuuuuuuuuuuuuuuuuu6111111111GuuuT:4mSmpCLBkwFkWw1111111111PW8Gh
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1