General
-
Target
7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891
-
Size
8.7MB
-
Sample
241008-31227svfrf
-
MD5
7ad05b7882ee3609577e965c3568bcc8
-
SHA1
752ba491b6813b2a069c200992c1b3bb796aa0ce
-
SHA256
7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891
-
SHA512
a235a0963b7bf1a2df1a1c3741dd9ef45f4807d7bacf9ff818fd0667d268975c651767025b4899dd9dc20df9c2fb7b47213f58e32df16754364bd5ba529d708d
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbz:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmn
Static task
static1
Behavioral task
behavioral1
Sample
7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
jjj
youri.mooo.com:1605
e936a10f968ac948cd351c9629dbd36d
-
reg_key
e936a10f968ac948cd351c9629dbd36d
-
splitter
|'|'|
Targets
-
-
Target
7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891
-
Size
8.7MB
-
MD5
7ad05b7882ee3609577e965c3568bcc8
-
SHA1
752ba491b6813b2a069c200992c1b3bb796aa0ce
-
SHA256
7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891
-
SHA512
a235a0963b7bf1a2df1a1c3741dd9ef45f4807d7bacf9ff818fd0667d268975c651767025b4899dd9dc20df9c2fb7b47213f58e32df16754364bd5ba529d708d
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbz:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmn
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1