General
-
Target
testingg.exe
-
Size
93KB
-
Sample
241213-m9e12awnhw
-
MD5
87301d7789d34f5f9e2d497b4d9b8f88
-
SHA1
b65a76d11f1d2e44d6f5113cf0212bc36abb17b1
-
SHA256
fdab671fc30cd30956d58c4b148fc1164cf45c9d766bb0e5b34f144b40d68516
-
SHA512
e60f39a599e59e72137edc83b00704abd716fbadc2a46b942aa325491a9af02628b2225123ba27ed09c077933b526917b3004d7e6659708e43308eb1fbfe7856
-
SSDEEP
1536:jey1GkeUqZJO5kNSimjEwzGi1dDYDfgS:jedUqZJOiAOi1dO4
Behavioral task
behavioral1
Sample
testingg.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
testingg.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
Player
hakim32.ddns.net:2000
147.185.221.19:27692
031d13bbbb63d50987953ffedfddbc61
-
reg_key
031d13bbbb63d50987953ffedfddbc61
-
splitter
|'|'|
Targets
-
-
Target
testingg.exe
-
Size
93KB
-
MD5
87301d7789d34f5f9e2d497b4d9b8f88
-
SHA1
b65a76d11f1d2e44d6f5113cf0212bc36abb17b1
-
SHA256
fdab671fc30cd30956d58c4b148fc1164cf45c9d766bb0e5b34f144b40d68516
-
SHA512
e60f39a599e59e72137edc83b00704abd716fbadc2a46b942aa325491a9af02628b2225123ba27ed09c077933b526917b3004d7e6659708e43308eb1fbfe7856
-
SSDEEP
1536:jey1GkeUqZJO5kNSimjEwzGi1dDYDfgS:jedUqZJOiAOi1dO4
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1