General
-
Target
e5fc6fa50c096e7ee056158a331d0200N.exe
-
Size
91KB
-
Sample
240818-e5hmcsybrq
-
MD5
e5fc6fa50c096e7ee056158a331d0200
-
SHA1
d7292ca52636ea62d551c18ca0bf63cae80bf13b
-
SHA256
554aec069a031be28fab52f26ffde3c76901b0d124f436dda23112b3a326858b
-
SHA512
e0a5d728ab4e9424b6c8ee3bff3338093cd34ee6eb1cc9b4e385e6013443cba77eb61dbcc85de7df56b03e5582f20feaa48a5ee9235024377d68a0770140b6ef
-
SSDEEP
768:v8GZeFkVOto7arfPiVXmbt2ELhtIh5YgnPaxJjoRY8TkCbIEhr3/iTnRVOR1MY43:vWFkoomm8RLhtIbYgna6LkMPVR1SpNv
Behavioral task
behavioral1
Sample
e5fc6fa50c096e7ee056158a331d0200N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e5fc6fa50c096e7ee056158a331d0200N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
hakim32.ddns.net:2000
Targets
-
-
Target
e5fc6fa50c096e7ee056158a331d0200N.exe
-
Size
91KB
-
MD5
e5fc6fa50c096e7ee056158a331d0200
-
SHA1
d7292ca52636ea62d551c18ca0bf63cae80bf13b
-
SHA256
554aec069a031be28fab52f26ffde3c76901b0d124f436dda23112b3a326858b
-
SHA512
e0a5d728ab4e9424b6c8ee3bff3338093cd34ee6eb1cc9b4e385e6013443cba77eb61dbcc85de7df56b03e5582f20feaa48a5ee9235024377d68a0770140b6ef
-
SSDEEP
768:v8GZeFkVOto7arfPiVXmbt2ELhtIh5YgnPaxJjoRY8TkCbIEhr3/iTnRVOR1MY43:vWFkoomm8RLhtIbYgna6LkMPVR1SpNv
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1