General
-
Target
e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772
-
Size
23KB
-
Sample
241011-eymmqszgnr
-
MD5
c0a157cfb82241dd74a75354c4c05095
-
SHA1
8b9276cc5c7736543ea9226de779cba7ae317af7
-
SHA256
e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772
-
SHA512
c59737efb4b685b7441ea20b9f76901111dcac7dd753d86afed0658d97ada14de198f1c9f2e22e9b79b6fde9fb9548b4ba21320bd2ddaeac69d46dfa0b93c325
-
SSDEEP
384:iQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/JomRvR6JZlbw8hqIusZzZHh:9LL6MVU0NRpcnuK
Behavioral task
behavioral1
Sample
e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
10.10.1.11:5552
59da4ba4e355635c767b06d85318b684
-
reg_key
59da4ba4e355635c767b06d85318b684
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Create or Modify System Process: Windows Service
Event Triggered Execution: Netsh Helper DLL
Privilege Escalation
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Create or Modify System Process: Windows Service
Event Triggered Execution: Netsh Helper DLL
Defense Evasion
Impair Defenses: Disable or Modify System Firewall
Modify Registry