General
-
Target
e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498
-
Size
30KB
-
Sample
241014-fsb5gszbpg
-
MD5
643281d625ce388612c2f1cb5c56f5ef
-
SHA1
45e0244dac1d51122531d8d8dd0c08178de1fc60
-
SHA256
e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498
-
SHA512
6ced1b26facef98598420db3e3ace18328c2de598a73529d25785d1bd73b478fbcf2e5ea5dc38b5e7878679b885a33dee3aab0b497743e3acd524d4458ba1864
-
SSDEEP
768:rRbSjG1XB9Qzxry1nIP/obxvCTQmIDUu0tizAFgj:4m6ixsQVkvij
Behavioral task
behavioral1
Sample
e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
OnShop
127.0.0.1:5555
43bd4b5503915c411b0354ec69673c15
-
reg_key
43bd4b5503915c411b0354ec69673c15
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498
-
Size
30KB
-
MD5
643281d625ce388612c2f1cb5c56f5ef
-
SHA1
45e0244dac1d51122531d8d8dd0c08178de1fc60
-
SHA256
e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498
-
SHA512
6ced1b26facef98598420db3e3ace18328c2de598a73529d25785d1bd73b478fbcf2e5ea5dc38b5e7878679b885a33dee3aab0b497743e3acd524d4458ba1864
-
SSDEEP
768:rRbSjG1XB9Qzxry1nIP/obxvCTQmIDUu0tizAFgj:4m6ixsQVkvij
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1