General
-
Target
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
-
Size
37KB
-
Sample
241114-bhr1qswjdm
-
MD5
8123fc137d73b3b92fc40be61af08ace
-
SHA1
b11168a1ad6d72808b176f0c889bfa220d13813e
-
SHA256
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
-
SHA512
cf225e298886dc63584f7615891a3f4fc9773d4e2078a1363dba8547b1e85627b5bb5dcc18dbbcd51e3375bc18fb122ae4846bb92735d0c963ac0e9f71f56453
-
SSDEEP
384:eLExxTGARStybaVhonbUOgg5Ctc5EmAoiCWsWGac5LoaPGtvx93pMKm+M5hsTz6N:IExTyLhChggkdeWKacbOtbNqTYDYRD
Behavioral task
behavioral1
Sample
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d | By Brontok
Victim
spk.accesscam.org:55554
m9o1ocabbaxon9ndffebx7uutlcl49nl
-
reg_key
m9o1ocabbaxon9ndffebx7uutlcl49nl
-
splitter
|'|'|
Targets
-
-
Target
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
-
Size
37KB
-
MD5
8123fc137d73b3b92fc40be61af08ace
-
SHA1
b11168a1ad6d72808b176f0c889bfa220d13813e
-
SHA256
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
-
SHA512
cf225e298886dc63584f7615891a3f4fc9773d4e2078a1363dba8547b1e85627b5bb5dcc18dbbcd51e3375bc18fb122ae4846bb92735d0c963ac0e9f71f56453
-
SSDEEP
384:eLExxTGARStybaVhonbUOgg5Ctc5EmAoiCWsWGac5LoaPGtvx93pMKm+M5hsTz6N:IExTyLhChggkdeWKacbOtbNqTYDYRD
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1