General
-
Target
Helper.exe
-
Size
37KB
-
Sample
241011-lgrzfs1fjk
-
MD5
e80ba64de755b0967d081e1b4ddfd65f
-
SHA1
097d5ffdd0aa341dff4f6aa47e445add14ecd958
-
SHA256
9e528ed59979757aa9f8ef0067affdaf0dc6450767068141481794b046c423ec
-
SHA512
078f32a5a0f6f06f86c3977162fef8b5137b4ee9d59239e4844fa61985243216b326ef004e2cef6ebea42ec92767e785416ba070d613a87683499c16ad5cb309
-
SSDEEP
384:Rr0vUiSgL1G5k2gyk/qSvDU/as3QV8rAF+rMRTyN/0L+EcoinblneHQM3epzXQ3m:h0l32bk/qSYSs3Q2rM+rMRa8Nu+3it
Behavioral task
behavioral1
Sample
Helper.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
im523
##
away-displays.gl.at.ply.gg:26916
b4ed840162f3d2fc50625ec8092db6d4
-
reg_key
b4ed840162f3d2fc50625ec8092db6d4
-
splitter
|'|'|
Targets
-
-
Target
Helper.exe
-
Size
37KB
-
MD5
e80ba64de755b0967d081e1b4ddfd65f
-
SHA1
097d5ffdd0aa341dff4f6aa47e445add14ecd958
-
SHA256
9e528ed59979757aa9f8ef0067affdaf0dc6450767068141481794b046c423ec
-
SHA512
078f32a5a0f6f06f86c3977162fef8b5137b4ee9d59239e4844fa61985243216b326ef004e2cef6ebea42ec92767e785416ba070d613a87683499c16ad5cb309
-
SSDEEP
384:Rr0vUiSgL1G5k2gyk/qSvDU/as3QV8rAF+rMRTyN/0L+EcoinblneHQM3epzXQ3m:h0l32bk/qSYSs3Q2rM+rMRa8Nu+3it
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1