General

  • Target

    testingg.exe

  • Size

    93KB

  • Sample

    241213-m9e12awnhw

  • MD5

    87301d7789d34f5f9e2d497b4d9b8f88

  • SHA1

    b65a76d11f1d2e44d6f5113cf0212bc36abb17b1

  • SHA256

    fdab671fc30cd30956d58c4b148fc1164cf45c9d766bb0e5b34f144b40d68516

  • SHA512

    e60f39a599e59e72137edc83b00704abd716fbadc2a46b942aa325491a9af02628b2225123ba27ed09c077933b526917b3004d7e6659708e43308eb1fbfe7856

  • SSDEEP

    1536:jey1GkeUqZJO5kNSimjEwzGi1dDYDfgS:jedUqZJOiAOi1dO4

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Player

C2

hakim32.ddns.net:2000

147.185.221.19:27692

Mutex

031d13bbbb63d50987953ffedfddbc61

Attributes
  • reg_key

    031d13bbbb63d50987953ffedfddbc61

  • splitter

    |'|'|

Targets

    • Target

      testingg.exe

    • Size

      93KB

    • MD5

      87301d7789d34f5f9e2d497b4d9b8f88

    • SHA1

      b65a76d11f1d2e44d6f5113cf0212bc36abb17b1

    • SHA256

      fdab671fc30cd30956d58c4b148fc1164cf45c9d766bb0e5b34f144b40d68516

    • SHA512

      e60f39a599e59e72137edc83b00704abd716fbadc2a46b942aa325491a9af02628b2225123ba27ed09c077933b526917b3004d7e6659708e43308eb1fbfe7856

    • SSDEEP

      1536:jey1GkeUqZJO5kNSimjEwzGi1dDYDfgS:jedUqZJOiAOi1dO4

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks