General
-
Target
test.exe
-
Size
27KB
-
Sample
241030-xylpjszeln
-
MD5
97dc472b0e7e8fbb5613ba8b4456c49d
-
SHA1
9d4f28a6fca25c4e478e2582f748288ecf3437a0
-
SHA256
927410e5f71f8159ec20d0f12f280fbd5187f40b90e8f9f4f9a5b556e5d679d5
-
SHA512
3b26c906558c26bc795df6114867638249256e1e3a685951a7325bcdc6ff9ed388e7b1f9b1d729247fc6bf82271d54301ac00f9aa5699e38f26e6c8e01dee848
-
SSDEEP
384:fLbQKJ3bEZjmgERA40DwoyumGPiJRjMFAQk93vmhm7UMKmIEecKdbXTzm9bVhcac:T8K5bEQE40fLFA/vMHTi9bD
Behavioral task
behavioral1
Sample
test.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
njrat
v2.0
HacKed
17.ip.gl.ply.gg:33786
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
test.exe
-
Size
27KB
-
MD5
97dc472b0e7e8fbb5613ba8b4456c49d
-
SHA1
9d4f28a6fca25c4e478e2582f748288ecf3437a0
-
SHA256
927410e5f71f8159ec20d0f12f280fbd5187f40b90e8f9f4f9a5b556e5d679d5
-
SHA512
3b26c906558c26bc795df6114867638249256e1e3a685951a7325bcdc6ff9ed388e7b1f9b1d729247fc6bf82271d54301ac00f9aa5699e38f26e6c8e01dee848
-
SSDEEP
384:fLbQKJ3bEZjmgERA40DwoyumGPiJRjMFAQk93vmhm7UMKmIEecKdbXTzm9bVhcac:T8K5bEQE40fLFA/vMHTi9bD
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1