General
-
Target
https://github.com/Viper4K/malware/tree/master/MEMZ
-
Sample
241212-p3txqavkby
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/Viper4K/malware/tree/master/MEMZ
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
Slaves
hom135.ddns.net:100
d4903fdacbb79e6cd1109a741a2bc821
d4903fdacbb79e6cd1109a741a2bc821
-
reg_key
d4903fdacbb79e6cd1109a741a2bc821
-
splitter
|'|'|
Targets
-
-
Target
https://github.com/Viper4K/malware/tree/master/MEMZ
-
Njrat family
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
2Permission Groups Discovery
1Local Groups
1Query Registry
4Remote System Discovery
1System Information Discovery
5System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1