General
-
Target
b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d.exe
-
Size
29KB
-
Sample
241203-tyx6sstjez
-
MD5
47a315bc2987d5c8499bd0e3d9025933
-
SHA1
5329310232bf63e0c22ca0338a604fd7e6a9c9cb
-
SHA256
b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d
-
SHA512
9827232d1b39d86af23851f41d5bbdf81f7e013b3b54ea5a3b99bffe13aae42a5603eeef7a4289cb835c0c4b26ec65d207823672d6af819bad9d2d0d13c887e1
-
SSDEEP
384:5hpQjtl7jBnoKoK3JX15nHK4GumqDAEReIlGBsbh0w4wlAokw9OhgOL1vYRGOZzb:527hoKoGJFNK4Aq1RehBKh0p29SgRdoW
Behavioral task
behavioral1
Sample
b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d.exe
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1