General
-
Target
Client.exe
-
Size
31KB
-
Sample
241213-m4jf9swmey
-
MD5
eb6401a1d957dce189e9a1ad06f41172
-
SHA1
ed58fef2021887c89e2c183d648325e5103eb2dd
-
SHA256
040473f2b73f8947306d2fa9d99c441447026a56ddcdce11720c17be62e000a8
-
SHA512
9417fb14d0a8eee31fa6d38df314b9842b01365b0e04885f770da02552125e006cdea6de2ae779db616c0247c41406b8c4c00fca8eb6b646c816e50c35230af6
-
SSDEEP
768:55JEpBZhjzOzx5+R4s/Hu56HdAbiTinvaTQmIDUu0tiEUj:6D6uukAbiT6oQVkwj
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Client.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
MyBot
127.0.0.1:6522
ba8bb006c6a684a6e6ce01b11f9779df
-
reg_key
ba8bb006c6a684a6e6ce01b11f9779df
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
Client.exe
-
Size
31KB
-
MD5
eb6401a1d957dce189e9a1ad06f41172
-
SHA1
ed58fef2021887c89e2c183d648325e5103eb2dd
-
SHA256
040473f2b73f8947306d2fa9d99c441447026a56ddcdce11720c17be62e000a8
-
SHA512
9417fb14d0a8eee31fa6d38df314b9842b01365b0e04885f770da02552125e006cdea6de2ae779db616c0247c41406b8c4c00fca8eb6b646c816e50c35230af6
-
SSDEEP
768:55JEpBZhjzOzx5+R4s/Hu56HdAbiTinvaTQmIDUu0tiEUj:6D6uukAbiT6oQVkwj
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1