General
-
Target
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N
-
Size
1.3MB
-
Sample
241004-3k4k4aserl
-
MD5
0d0e5d826209927eb07f4e393eff6f90
-
SHA1
0cc3c1a211c87f4b13aea8a53b043dcdc0a375d9
-
SHA256
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477
-
SHA512
7750dfff7fe5138c8850e2141cd1e7b7c44b95a7693c82056bdf9372bea7033ce93b4ec558533afdefb63d99885822f2c9dda4e18cfc7fa3ee266c9663fdd0f3
-
SSDEEP
24576:L8EX1B+OLhKrDdPGrevewoRpaK8ui+8qG7Edy3+0:9Brm685j3+0
Behavioral task
behavioral1
Sample
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.6.4
vnhax
fr3onm9r.ddns.net:5566
dae31c02cb06222e776b9ccb9207edb1
-
reg_key
dae31c02cb06222e776b9ccb9207edb1
-
splitter
|'|'|
Targets
-
-
Target
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N
-
Size
1.3MB
-
MD5
0d0e5d826209927eb07f4e393eff6f90
-
SHA1
0cc3c1a211c87f4b13aea8a53b043dcdc0a375d9
-
SHA256
abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477
-
SHA512
7750dfff7fe5138c8850e2141cd1e7b7c44b95a7693c82056bdf9372bea7033ce93b4ec558533afdefb63d99885822f2c9dda4e18cfc7fa3ee266c9663fdd0f3
-
SSDEEP
24576:L8EX1B+OLhKrDdPGrevewoRpaK8ui+8qG7Edy3+0:9Brm685j3+0
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1