General
-
Target
7818d48041e19c88709113ec72fe00f3164285d90bd1f5a1de553e806229b216N
-
Size
113KB
-
Sample
241105-vrss6svdrf
-
MD5
1a8383ed5aa8a0c43c1437044532b200
-
SHA1
4091c04389e4a52711b699801aeccca10f95b41c
-
SHA256
7818d48041e19c88709113ec72fe00f3164285d90bd1f5a1de553e806229b216
-
SHA512
c7ea9d63486ab2c7f425853661e478fb3c3737ad2a2ba22351ab2f76ae1396e2b97ead5dfa541c40ca87c536e1df1a6f7fe9486e9a6c0f50e0af708d07d9ddd9
-
SSDEEP
1536:orp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4xtKegoxmOBh73v7:w5eznsjsguGDFqGx8egoxmO3rv7
Static task
static1
Behavioral task
behavioral1
Sample
7818d48041e19c88709113ec72fe00f3164285d90bd1f5a1de553e806229b216N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
7818d48041e19c88709113ec72fe00f3164285d90bd1f5a1de553e806229b216N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
neuf
doddyfire.linkpc.net:10000
e1a87040f2026369a233f9ae76301b7b
-
reg_key
e1a87040f2026369a233f9ae76301b7b
-
splitter
|'|'|
Targets
-
-
Target
7818d48041e19c88709113ec72fe00f3164285d90bd1f5a1de553e806229b216N
-
Size
113KB
-
MD5
1a8383ed5aa8a0c43c1437044532b200
-
SHA1
4091c04389e4a52711b699801aeccca10f95b41c
-
SHA256
7818d48041e19c88709113ec72fe00f3164285d90bd1f5a1de553e806229b216
-
SHA512
c7ea9d63486ab2c7f425853661e478fb3c3737ad2a2ba22351ab2f76ae1396e2b97ead5dfa541c40ca87c536e1df1a6f7fe9486e9a6c0f50e0af708d07d9ddd9
-
SSDEEP
1536:orp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4xtKegoxmOBh73v7:w5eznsjsguGDFqGx8egoxmO3rv7
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1