General
-
Target
34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe
-
Size
95KB
-
Sample
241123-qwjnvaskcq
-
MD5
28cfadb2dc13d3274d30e5117757420f
-
SHA1
1364505c347631d3b33b36c9f6497abff3d35f2e
-
SHA256
34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560
-
SHA512
435bab82617962e03442de4b1c65af8291c3e633703670abaf6ad379e989c34724318f7fc12f4354b9557a82b06f86fc66f16a53b96dfc8b154f6f15aa3e491b
-
SSDEEP
1536:8+ZQMGdeUwljEoKayOxdcJx7OXMHwhkVfjobkZKQ5x1AkSpoHHNLHieBbq:8+ZQMtU9Jx7OXMHwhkVfjobkZKQ5x1Du
Static task
static1
Behavioral task
behavioral1
Sample
34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.6.4
scammer
oxy01.linkpc.net:1177
08f4dc96bbb7af09d1a37fe35c75a42f
-
reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
-
splitter
|'|'|
Targets
Target
34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
  Windows Service (1)
Event Triggered Execution (1)
  Netsh Helper DLL (1)