General

  • Target

    test.exe

  • Size

    27KB

  • Sample

    241030-xylpjszeln

  • MD5

    97dc472b0e7e8fbb5613ba8b4456c49d

  • SHA1

    9d4f28a6fca25c4e478e2582f748288ecf3437a0

  • SHA256

    927410e5f71f8159ec20d0f12f280fbd5187f40b90e8f9f4f9a5b556e5d679d5

  • SHA512

    3b26c906558c26bc795df6114867638249256e1e3a685951a7325bcdc6ff9ed388e7b1f9b1d729247fc6bf82271d54301ac00f9aa5699e38f26e6c8e01dee848

  • SSDEEP

    384:fLbQKJ3bEZjmgERA40DwoyumGPiJRjMFAQk93vmhm7UMKmIEecKdbXTzm9bVhcac:T8K5bEQE40fLFA/vMHTi9bD

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

17.ip.gl.ply.gg:33786

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      test.exe

    • Size

      27KB

    • MD5

      97dc472b0e7e8fbb5613ba8b4456c49d

    • SHA1

      9d4f28a6fca25c4e478e2582f748288ecf3437a0

    • SHA256

      927410e5f71f8159ec20d0f12f280fbd5187f40b90e8f9f4f9a5b556e5d679d5

    • SHA512

      3b26c906558c26bc795df6114867638249256e1e3a685951a7325bcdc6ff9ed388e7b1f9b1d729247fc6bf82271d54301ac00f9aa5699e38f26e6c8e01dee848

    • SSDEEP

      384:fLbQKJ3bEZjmgERA40DwoyumGPiJRjMFAQk93vmhm7UMKmIEecKdbXTzm9bVhcac:T8K5bEQE40fLFA/vMHTi9bD

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks