General
-
Target
18e17c9f24fbd98e67d34b0e64a7b3ef4c3e7ea04a96868958206bab25cf188f
-
Size
8.7MB
-
Sample
241016-xjtfvawdma
-
MD5
3010c1012014d92527a0da9d85e82c2c
-
SHA1
3aaf2a6b2d1275d3792381f66b111fc343aa8f4c
-
SHA256
18e17c9f24fbd98e67d34b0e64a7b3ef4c3e7ea04a96868958206bab25cf188f
-
SHA512
5569c66dd334c8db135d0580d7c0be57edb1e1df7d9d9d952bc135181fb7a49de57097197806294ffce49e490c17c7d19376d419f780e77bd8a109a81dbd4c04
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbl:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmR
Static task
static1
Behavioral task
behavioral1
Sample
18e17c9f24fbd98e67d34b0e64a7b3ef4c3e7ea04a96868958206bab25cf188f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
18e17c9f24fbd98e67d34b0e64a7b3ef4c3e7ea04a96868958206bab25cf188f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
jjj
youri.mooo.com:1605
e936a10f968ac948cd351c9629dbd36d
-
reg_key
e936a10f968ac948cd351c9629dbd36d
-
splitter
|'|'|
Targets
-
-
Target
18e17c9f24fbd98e67d34b0e64a7b3ef4c3e7ea04a96868958206bab25cf188f
-
Size
8.7MB
-
MD5
3010c1012014d92527a0da9d85e82c2c
-
SHA1
3aaf2a6b2d1275d3792381f66b111fc343aa8f4c
-
SHA256
18e17c9f24fbd98e67d34b0e64a7b3ef4c3e7ea04a96868958206bab25cf188f
-
SHA512
5569c66dd334c8db135d0580d7c0be57edb1e1df7d9d9d952bc135181fb7a49de57097197806294ffce49e490c17c7d19376d419f780e77bd8a109a81dbd4c04
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbl:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmR
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1