General
-
Target
70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760.exe
-
Size
93KB
-
Sample
241217-drkdcszlgp
-
MD5
56136d844535b62d144f7a5681286e9e
-
SHA1
2f3f4f9a1626e8fbc5126bea62a044eefcad83f0
-
SHA256
70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760
-
SHA512
9cbc927c0917d27f8bbe4c0d02349399f5c44db6176ac22d7857dfa68a5b5e6cc86750d42524484547fefd6663633bf26f6525b2efd8cdd90e424e54c484b19b
-
SSDEEP
768:tY3zitD9O/pBcxYsbae6GIXb9pDXQzVMBwXCmXxrjEtCdnl2pi1Rz4Rk3xsGd0E3:QinOx6baIa9RtytjEwzGi1dDBKEgS
Behavioral task
behavioral1
Sample
70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
dock
hakim32.ddns.net:2000
pool-tournaments.gl.at.ply.gg:7445
f1131a682275158f890d0e173fc26677
-
reg_key
f1131a682275158f890d0e173fc26677
-
splitter
|'|'|
Targets
-
-
Target
70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760.exe
-
Njrat family
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)