njrat | 39fd80c14de6c7f35cf46db75ff8948daa5c48a78567155c278a872d0382232e | Triage

Sharing

General

Target

Account bringers.exe
Size

65KB
Sample

241004-z14dgswfnk
MD5

7ed9a42df55ac56d121ea9832838193f
SHA1

009c8eb20c6bb355a55112975fa668baae08559b
SHA256

39fd80c14de6c7f35cf46db75ff8948daa5c48a78567155c278a872d0382232e
SHA512

e5bfd30312188c3d26730deb0db114171baef26c5bb2f1db845961cea8f84179989737974949070b5c66485041df29d22d495747489c72e88a88f651dafbdc22
SSDEEP

1536:TcoU49/91oN36tRQviFw1zI9RBnvAmfLteF3nLrB9z3nWaF9bvS9vM:TcoU49/91oN36tRQviFC0vBnNfWl9zG4

Score

10^/10

njrat debilu discovery

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

Debilu

C2

127.0.0.1:17455

Mutex

COM Surrogate

Attributes

reg_key
COM Surrogate
splitter
|Ghost|

Targets

- Target
  
  Account bringers.exe
- Size
  
  65KB
- MD5
  
  7ed9a42df55ac56d121ea9832838193f
- SHA1
  
  009c8eb20c6bb355a55112975fa668baae08559b
- SHA256
  
  39fd80c14de6c7f35cf46db75ff8948daa5c48a78567155c278a872d0382232e
- SHA512
  
  e5bfd30312188c3d26730deb0db114171baef26c5bb2f1db845961cea8f84179989737974949070b5c66485041df29d22d495747489c72e88a88f651dafbdc22
- SSDEEP
  
  1536:TcoU49/91oN36tRQviFw1zI9RBnvAmfLteF3nLrB9z3nWaF9bvS9vM:TcoU49/91oN36tRQviFC0vBnNfWl9zG4
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1