General
Target
6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785aN
Size
93KB
Sample
241017-ydn5lsseld
MD5
4638a4d3255b6fa95b8cca9ada4746f0
SHA1
45e155e6af5ffc94aaeefa3b5e689da936e125a6
SHA256
6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785a
SHA512
1fcd84fdec97db5c6b5a9f35ea694ea29452fa8991852099bcd5414f3148a2248a98a07561b4449add087d0d1cf8995e3b751999ea7a485bdcb6d37bbb57ed5f
SSDEEP
768:3Y3cCnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk33sGt:BCxOx6baIa9RZj00ljEwzGi1dDjDhgS
Behavioral task
behavioral1
Sample
6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785aN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785aN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:7183
058a6375393cb12414731e355531b4a5
reg_key
058a6375393cb12414731e355531b4a5
splitter
|'|'|
Targets
Target
6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785aN
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1