General
-
Target
5639922ef88efb99a43a7ec4dc3a2c5ad8009013e3bbd2af9f22a81d4cd99bbcN
-
Size
8.7MB
-
Sample
241104-kd1lraxfpb
-
MD5
b9d3bbc92c5b0445009268506d8203e0
-
SHA1
ddc75e7ed111bf40d052533734fb4b435c4f0154
-
SHA256
5639922ef88efb99a43a7ec4dc3a2c5ad8009013e3bbd2af9f22a81d4cd99bbc
-
SHA512
4314cadcae2a83ef7385eafcd09a45d9dc4c0da736b312a86c06079e8b7f0a1f396242c824d5725c04cf23c425136bd8eec8a4e80a023eefb855310f958fd0f3
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbz:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmn
Static task
static1
Behavioral task
behavioral1
Sample
5639922ef88efb99a43a7ec4dc3a2c5ad8009013e3bbd2af9f22a81d4cd99bbcN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5639922ef88efb99a43a7ec4dc3a2c5ad8009013e3bbd2af9f22a81d4cd99bbcN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
jjj
youri.mooo.com:1605
e936a10f968ac948cd351c9629dbd36d
-
reg_key
e936a10f968ac948cd351c9629dbd36d
-
splitter
|'|'|
Targets
-
-
Target
5639922ef88efb99a43a7ec4dc3a2c5ad8009013e3bbd2af9f22a81d4cd99bbcN
-
Size
8.7MB
-
MD5
b9d3bbc92c5b0445009268506d8203e0
-
SHA1
ddc75e7ed111bf40d052533734fb4b435c4f0154
-
SHA256
5639922ef88efb99a43a7ec4dc3a2c5ad8009013e3bbd2af9f22a81d4cd99bbc
-
SHA512
4314cadcae2a83ef7385eafcd09a45d9dc4c0da736b312a86c06079e8b7f0a1f396242c824d5725c04cf23c425136bd8eec8a4e80a023eefb855310f958fd0f3
-
SSDEEP
196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbz:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmn
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1