General
-
Target
00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e.exe
-
Size
343KB
-
Sample
241121-nqhs9a1epe
-
MD5
e90fd1f172de410f0921d0b4a57c90e3
-
SHA1
89eb6e52bd2646f48c06103411ce88e3fc6d58f6
-
SHA256
00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e
-
SHA512
380c078bb64b9ce4ffcdf7280b6dc84b8bcf9470c3a93b556bed946edc46cb3116aba47d588b55d1fcbae7b5b5a66edb1d5bb93e78455ace0a75039ca1b099e3
-
SSDEEP
6144:gy+QnQZakoARoXQfux2eNewQjfNa88u4sVxA9S/OYhsYesYgv00dQ:9+Qn4aVACQefeRaX9sfAc3h5esYgv00y
Static task
static1
Behavioral task
behavioral1
Sample
00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
punk1
suchwoni13.ddns.net:4030
7f8acde012caa987026616c48ee81144
-
reg_key
7f8acde012caa987026616c48ee81144
-
splitter
|'|'|
Targets
-
-
Target
00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e.exe
-
Size
343KB
-
MD5
e90fd1f172de410f0921d0b4a57c90e3
-
SHA1
89eb6e52bd2646f48c06103411ce88e3fc6d58f6
-
SHA256
00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e
-
SHA512
380c078bb64b9ce4ffcdf7280b6dc84b8bcf9470c3a93b556bed946edc46cb3116aba47d588b55d1fcbae7b5b5a66edb1d5bb93e78455ace0a75039ca1b099e3
-
SSDEEP
6144:gy+QnQZakoARoXQfux2eNewQjfNa88u4sVxA9S/OYhsYesYgv00dQ:9+Qn4aVACQefeRaX9sfAc3h5esYgv00y
-
Njrat family
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1