General
-
Target
FiveMFileErrorFixer.exe
-
Size
93KB
-
Sample
241121-vj8vesyjgl
-
MD5
45c9b9fa6b615cd1f013e13d8b3054bb
-
SHA1
fc0c3e255a13aa5ae27f6c290ce329bed5265453
-
SHA256
24f4b10f40eb128bab7c7692f3dee8892c91bdb5d8d40e5231543726dda521e4
-
SHA512
743ec0a866258b81a65f432d9179a151f770e141a933ba43d640ce4479533207b5c105fd6a2fc15b6818bd4324a652209c3a3a64de81da372cd5e268d6a0d3d3
-
SSDEEP
1536:MPPmqVulfoEGUeFXAOPc+jEwzGi1dDjDmgS:MP8lfodUeBAOPcHi1dDL
Behavioral task
behavioral1
Sample
FiveMFileErrorFixer.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
FiveMFileErrorFixer.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
660d96b74fc3ffcb1da26329a0336912
-
reg_key
660d96b74fc3ffcb1da26329a0336912
-
splitter
|'|'|
Targets
-
-
Target
FiveMFileErrorFixer.exe
-
Size
93KB
-
MD5
45c9b9fa6b615cd1f013e13d8b3054bb
-
SHA1
fc0c3e255a13aa5ae27f6c290ce329bed5265453
-
SHA256
24f4b10f40eb128bab7c7692f3dee8892c91bdb5d8d40e5231543726dda521e4
-
SHA512
743ec0a866258b81a65f432d9179a151f770e141a933ba43d640ce4479533207b5c105fd6a2fc15b6818bd4324a652209c3a3a64de81da372cd5e268d6a0d3d3
-
SSDEEP
1536:MPPmqVulfoEGUeFXAOPc+jEwzGi1dDjDmgS:MP8lfodUeBAOPcHi1dDL
-
Njrat family
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1