General
-
Target
2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp
-
Size
8.8MB
-
Sample
241007-k91xdsxerk
-
MD5
dc12c3ed6545883e412fd53aee9f9bc8
-
SHA1
745727e55ea35ef91fdae244f1d09f146309090c
-
SHA256
590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c
-
SHA512
eef34bca2e27e0e1ea61c12d82a85407a852b7ef236c4d6a91ec2e85a9be4a85219363759dbb2db23744c7772b9ccd0209977621a681f1345fa5754bfe30be4c
-
SSDEEP
196608:Ryz6ERB80Yd/m9r8IstNEcOq+OM2OYje:RI6ERBud/m9rmDOezj
Behavioral task
behavioral1
Sample
2792-29-0x00000000002A0000-0x0000000000B6A000-memory.exe
Resource
win7-20240903-en
Malware Config
Extracted
njrat
v4.0
HacKed
still-obviously.gl.at.ply.gg:46857
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (1)