General
-
Target
c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4N
-
Size
23KB
-
Sample
240928-vrm8paxapq
-
MD5
877b6a6f72faa6b0116aca386eda31c0
-
SHA1
7662c9661b815724aa24524dad25cd830c6a3f46
-
SHA256
c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4
-
SHA512
57665b6d27d6ec0f37f54c0a1035d8b2b43bb5b96bcb362f5cfc5381c001a35bdc5f613d004b15ad23148758dc9bff1da93114b1f210694ab930a32c0f476435
-
SSDEEP
384:08aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZpD:TXcwt3tRpcnua
Behavioral task
behavioral1
Sample
c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1978
33f9e1d6fefce618b71a50ca08e3da67
-
reg_key
33f9e1d6fefce618b71a50ca08e3da67
-
splitter
|'|'|
Targets
-
-
Target
c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4N
-
Size
23KB
-
MD5
877b6a6f72faa6b0116aca386eda31c0
-
SHA1
7662c9661b815724aa24524dad25cd830c6a3f46
-
SHA256
c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4
-
SHA512
57665b6d27d6ec0f37f54c0a1035d8b2b43bb5b96bcb362f5cfc5381c001a35bdc5f613d004b15ad23148758dc9bff1da93114b1f210694ab930a32c0f476435
-
SSDEEP
384:08aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZpD:TXcwt3tRpcnua
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1