General
-
Target
596d70406bbdb48846e0cf664fad89280c3db7ec1962f6ba81f94959068e23deN
-
Size
92KB
-
Sample
240916-1mba8a1epc
-
MD5
50dc90e5deb892a3ce56a22ea460da30
-
SHA1
98bcb8f0077f0a053a0ef3de0f4db61af9788d06
-
SHA256
596d70406bbdb48846e0cf664fad89280c3db7ec1962f6ba81f94959068e23de
-
SHA512
5a0cd62538fbf998c0e7406b5832c897c09835e80de7cb078882640cd8e78d75f9a178392fe565c7786b0db831f0c4e4f9869b6d9ca8cb28596398fae03d02b2
-
SSDEEP
1536:HVyoNlCss8VB/IckKynaBG7ctwPHetky:H3Sss8VB/7maBG7QwPet
Behavioral task
behavioral1
Sample
596d70406bbdb48846e0cf664fad89280c3db7ec1962f6ba81f94959068e23deN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
596d70406bbdb48846e0cf664fad89280c3db7ec1962f6ba81f94959068e23deN.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
hakim32.ddns.net:2000
Targets
-
-
Target
596d70406bbdb48846e0cf664fad89280c3db7ec1962f6ba81f94959068e23deN
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)