General

  • Target

    Helper.exe

  • Size

    37KB

  • Sample

    241011-lgrzfs1fjk

  • MD5

    e80ba64de755b0967d081e1b4ddfd65f

  • SHA1

    097d5ffdd0aa341dff4f6aa47e445add14ecd958

  • SHA256

    9e528ed59979757aa9f8ef0067affdaf0dc6450767068141481794b046c423ec

  • SHA512

    078f32a5a0f6f06f86c3977162fef8b5137b4ee9d59239e4844fa61985243216b326ef004e2cef6ebea42ec92767e785416ba070d613a87683499c16ad5cb309

  • SSDEEP

    384:Rr0vUiSgL1G5k2gyk/qSvDU/as3QV8rAF+rMRTyN/0L+EcoinblneHQM3epzXQ3m:h0l32bk/qSYSs3Q2rM+rMRa8Nu+3it

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    ##

  • C2

    away-displays.gl.at.ply.gg:26916

  • Mutex

    b4ed840162f3d2fc50625ec8092db6d4

  • Attributes

    • reg_key

      b4ed840162f3d2fc50625ec8092db6d4

    • splitter

      |'|'|

Targets

    • Target

      Helper.exe

    • Size

      37KB

    • MD5

      e80ba64de755b0967d081e1b4ddfd65f

    • SHA1

      097d5ffdd0aa341dff4f6aa47e445add14ecd958

    • SHA256

      9e528ed59979757aa9f8ef0067affdaf0dc6450767068141481794b046c423ec

    • SHA512

      078f32a5a0f6f06f86c3977162fef8b5137b4ee9d59239e4844fa61985243216b326ef004e2cef6ebea42ec92767e785416ba070d613a87683499c16ad5cb309

    • SSDEEP

      384:Rr0vUiSgL1G5k2gyk/qSvDU/as3QV8rAF+rMRTyN/0L+EcoinblneHQM3epzXQ3m:h0l32bk/qSYSs3Q2rM+rMRa8Nu+3it

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks