General
-
Target
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f
-
Size
93KB
-
Sample
241217-v1rmgatkbv
-
MD5
ceabf00e91c6d219345af40a28da43e8
-
SHA1
1203c6455e46b4a7007dea71f81849d50e3e48c1
-
SHA256
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f
-
SHA512
6098e888ebde819d137d9132d7f27dee52c9214c64f76aad6ddac713426ad62a10cf37c36d9bcd568156b5c83f43cad80cb4608705e1eea7cd220a00ca04707f
-
SSDEEP
768:AY3XiBD7O/pBcxYsbae6GIXb9pDXQzVMBwXCmXxrjEtCdnl2pi1Rz4Rk3B6sGd0F:PipOx6baIa9RtytjEwzGi1dDRmKVgS
Behavioral task
behavioral1
Sample
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
dock
hakim32.ddns.net:2000
pool-tournaments.gl.at.ply.gg:7445
13123c66ee9d74c7936482e0e7d9809f
-
reg_key
13123c66ee9d74c7936482e0e7d9809f
-
splitter
|'|'|
Targets
-
-
Target
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f
-
Size
93KB
-
MD5
ceabf00e91c6d219345af40a28da43e8
-
SHA1
1203c6455e46b4a7007dea71f81849d50e3e48c1
-
SHA256
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f
-
SHA512
6098e888ebde819d137d9132d7f27dee52c9214c64f76aad6ddac713426ad62a10cf37c36d9bcd568156b5c83f43cad80cb4608705e1eea7cd220a00ca04707f
-
SSDEEP
768:AY3XiBD7O/pBcxYsbae6GIXb9pDXQzVMBwXCmXxrjEtCdnl2pi1Rz4Rk3B6sGd0F:PipOx6baIa9RtytjEwzGi1dDRmKVgS
-
Njrat family
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1