General
-
Target
12fbee2ea0cd1b8ac5559789019e001da8a798d8cf7e1c71339ea75b469e3880
-
Size
8.7MB
-
Sample
241012-xlqsqswcqg
-
MD5
261906da2943c01fe7e15d2921c70dae
-
SHA1
28e1721c909ff637339a5b52722cd50f7ff481ca
-
SHA256
12fbee2ea0cd1b8ac5559789019e001da8a798d8cf7e1c71339ea75b469e3880
-
SHA512
031963dc1c2cde8c3ffd31bb3d85ab83ed20e636e43d55affb8fa615fb2d930749367fc591cf79859940ba4fcd20896834fd78d00cfedd1fc05e8adae0541d12
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbB:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmN
Static task
static1
Behavioral task
behavioral1
Sample
12fbee2ea0cd1b8ac5559789019e001da8a798d8cf7e1c71339ea75b469e3880.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
12fbee2ea0cd1b8ac5559789019e001da8a798d8cf7e1c71339ea75b469e3880.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
jjj
youri.mooo.com:1605
e936a10f968ac948cd351c9629dbd36d
-
reg_key
e936a10f968ac948cd351c9629dbd36d
-
splitter
|'|'|
Targets
-
-
Target
12fbee2ea0cd1b8ac5559789019e001da8a798d8cf7e1c71339ea75b469e3880
-
Size
8.7MB
-
MD5
261906da2943c01fe7e15d2921c70dae
-
SHA1
28e1721c909ff637339a5b52722cd50f7ff481ca
-
SHA256
12fbee2ea0cd1b8ac5559789019e001da8a798d8cf7e1c71339ea75b469e3880
-
SHA512
031963dc1c2cde8c3ffd31bb3d85ab83ed20e636e43d55affb8fa615fb2d930749367fc591cf79859940ba4fcd20896834fd78d00cfedd1fc05e8adae0541d12
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbB:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmN
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1