General
- Target: bba1c348e80dc3737f8ec74c0e0c67e10323900eb1500b8ea5b8471b21a5ed61
- Size: 2.0MB
- Sample: 241206-knkchsvmgq
- MD5: f3aef511705f37f9792c6032b936ca61
- SHA1: eea5a388582c3fc189ff89ea213848d75f5332dc
- SHA256: bba1c348e80dc3737f8ec74c0e0c67e10323900eb1500b8ea5b8471b21a5ed61
- SHA512: f5bcc054517a3c9be56c4ea35daa1ff78ada7b8769b134e68acbc9ca1e1155d5e814fcb9b51d251ca86765a395b3d61b155b8b21b2ba9e66183bf6224e6de8ea
- SSDEEP: 49152:V4CEM5MjMUOWGz6h4tU2+2yd/YNOGx65soFFQSZIyLD7+EFMy:cM5YF9hCR/aArxisg/Pay
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: NjRat Loader.exe
  Resource: win7-20241010-en
- Behavioral task: behavioral2
  Sample: NjRat Loader.exe
  Resource: win10v2004-20241007-en
Malware Config (extracted)
- Family: njrat
- Version: im523
- Botnet: HacKed
- C2: 2.tcp.eu.ngrok.io:16299
- Mutex: 6d90d9a2ca0b357d5f629d5cdbe8d0d2
- reg_key: 6d90d9a2ca0b357d5f629d5cdbe8d0d2
- splitter: |'|'|
Targets
- Target: NjRat Loader.exe
- Size: 2.3MB
- MD5: e4631d6e2fee44de27d84aff1ce7c7a5
- SHA1: d16bc9a9e7249e8f5b519cabbaafa0f1462bccdd
- SHA256: 008478ff6c70392e5ecf933881df2c44f31fdf76ad88c407191233cb39de6528
- SHA512: fdba6e4c6ce13996f05bfa0680383c809b177aedbd300ce42e7f378fd8ad1a1b2cfbc6342b5f0f64d03142bc25f3cf538829cbd01c539ec4c1477121b8f6e8be
- SSDEEP: 49152:x842+3u+OurHvP4yU222Yd/2bIKxwc6XfnVmAfIg39EJ:x8gTdrHvPfRn8ulx36PrNQ
Signatures
- Njrat family
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (1)