General
Target: 861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953
Size: 93KB
Sample: 241208-a1p4esyjgr
MD5: ccb06fa4b339cc8ff5ae2331dda084b4
SHA1: 0d1af1ebe0cb29ebf9ea4c76a7630661553b64db
SHA256: 861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953
SHA512: a716f4906ac8ba1135471deef804e886891cfdc7b3f8b8d471a8fec0aadb0a39051b5adb3930c6a715b2c7a6a46168bacb6ef9705925bfd02fd88b4ebc335952
SSDEEP: 1536:InwEnYi9bzKuZ+8uZ3nV5XS65mkrPZ58kzQ+e+e+:IwaYi9bsh7J7M+e+e+
Behavioral task: behavioral1
Sample: 861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
njrat
v4.0
Steam
40.80.147.203:8080
Steam
reg_key: Steam
splitter: |-F-|
Targets
Target: 861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953
Score: 10/10
Njrat family
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Hide Artifacts: 1
    Hidden Files and Directories: 1
  Modify Registry: 1