General
-
Target
3064-2-0x0000000000230000-0x000000000024C000-memory.dmp
-
Size
112KB
-
Sample
240731-fdbv6s1fma
-
MD5
f9f51a1860620d3af2631a30ad745727
-
SHA1
9dbf01c2fa1b015ebed3ccb2751da93d15dfdd87
-
SHA256
ed1e350ceb243db6b480c4c6918f8d909ad749d28d959aa61d49c2c10499fcfc
-
SHA512
0d35360b9503543a709e044d0dd010223a4bd31b3bfc634cdc2c9a8ada4759d7cfe9ea3efa2cf3fe6d4c75adf7cf5a10533ccf635a3c9ae27f151a435dbf88e2
-
SSDEEP
1536:tVmeuLXtLwbKCEAj5dD1tpjEwzGi1dDXDqgS:tVmeiwbKCEo59/mi1d/v
Behavioral task
behavioral1
Sample
3064-2-0x0000000000230000-0x000000000024C000-memory.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3064-2-0x0000000000230000-0x000000000024C000-memory.exe
Resource
win10v2004-20240730-en
Malware Config
Extracted
njrat
0.7d
复复美制美
hakim32.ddns.net:2000
147.185.221.21:33869
5d9b545ac4ee41f57768dba98a8ebbb2
-
reg_key
5d9b545ac4ee41f57768dba98a8ebbb2
-
splitter
|'|'|
Targets
-
-
Target
3064-2-0x0000000000230000-0x000000000024C000-memory.dmp
-
Size
112KB
-
MD5
f9f51a1860620d3af2631a30ad745727
-
SHA1
9dbf01c2fa1b015ebed3ccb2751da93d15dfdd87
-
SHA256
ed1e350ceb243db6b480c4c6918f8d909ad749d28d959aa61d49c2c10499fcfc
-
SHA512
0d35360b9503543a709e044d0dd010223a4bd31b3bfc634cdc2c9a8ada4759d7cfe9ea3efa2cf3fe6d4c75adf7cf5a10533ccf635a3c9ae27f151a435dbf88e2
-
SSDEEP
1536:tVmeuLXtLwbKCEAj5dD1tpjEwzGi1dDXDqgS:tVmeiwbKCEo59/mi1d/v
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1