General
-
Target
91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d.exe
-
Size
172KB
-
Sample
241124-gh8w5ssqhl
-
MD5
31a3740cc99c9c07023248be02963fc6
-
SHA1
cd340fa1b4cffa7735d82ae67e3aeebad82b0d4f
-
SHA256
91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d
-
SHA512
7a5e0a4665c9b4e1ba3c3720e06eac96655ee80d2e6d6773eddfc570da1b58cde702c719a48e09ce9f65a94de61d3dce48153e7b5beebc8619e0cda67171649d
-
SSDEEP
3072:PFBUIROK34+J5ra0/B6yNpa8/vqgI2pb5LgaTc6Pg/CcZLoKy5o++e1:PFBpIK5GeNA8nhpb/cx/CvKy5o+j1
Static task
static1
Behavioral task
behavioral1
Sample
91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
karimpiratage.ddns.net:1177
38c561b772ad19a01872b80289465369
-
reg_key
38c561b772ad19a01872b80289465369
-
splitter
|'|'|
Targets
-
-
Target
91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d.exe
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1