General
-
Target
ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050N.exe
-
Size
23KB
-
Sample
241127-n3r8fssmcv
-
MD5
50557085aa9b11dcd7c0abfc315cf990
-
SHA1
c45eb0e488fc26d0223dfbc1788b742302e02c86
-
SHA256
ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050
-
SHA512
9a8cbdf648e2701740eabb2426c45e360f4cf4ae3320d3517c48b9ab3422c51d45d9c6e7f1cd71542dc28f1b9038fde3e16d9269db1e0c20b59be9f45b3e2e24
-
SSDEEP
384:y8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZhB:lXcwt3tRpcnug
Behavioral task
behavioral1
Sample
ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
TAKTOUKA
127.0.0.1:8090
2239074f375016b7c06b239673132d3c
-
reg_key
2239074f375016b7c06b239673132d3c
-
splitter
|'|'|
Targets
-
-
Target
ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050N.exe
-
Size
23KB
-
MD5
50557085aa9b11dcd7c0abfc315cf990
-
SHA1
c45eb0e488fc26d0223dfbc1788b742302e02c86
-
SHA256
ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050
-
SHA512
9a8cbdf648e2701740eabb2426c45e360f4cf4ae3320d3517c48b9ab3422c51d45d9c6e7f1cd71542dc28f1b9038fde3e16d9269db1e0c20b59be9f45b3e2e24
-
SSDEEP
384:y8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZhB:lXcwt3tRpcnug
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1