njrat | 91423704feab36526f26a0e356855dbbd7b40004344dac6ffb8469d8c638e281 | Triage

Sharing

General

Target

a.exe
Size

165KB
Sample

241220-vaw49szrgq
MD5

cce24660d134a955359e362767b66dba
SHA1

7e458b44686d344ef0da66dd2b650458f0c0b610
SHA256

91423704feab36526f26a0e356855dbbd7b40004344dac6ffb8469d8c638e281
SHA512

87e187f6546d6812a20c707e0f97baa7dcec09520a8cdf77f616f3121d47cb7322090d0ff905ca006e350409c316676876d0214101f38c6ef6f1360efb2e8d8b
SSDEEP

3072:dbaQL/EUvHbcOuAW3Lc1xgbLEpop46lvbnRPoG3UdBbp:dbarXcjfup46BbC5Bbp

Score

10^/10

njrat discovery persistence

Malware Config

Targets

- Target
  
  a.exe
- Size
  
  165KB
- MD5
  
  cce24660d134a955359e362767b66dba
- SHA1
  
  7e458b44686d344ef0da66dd2b650458f0c0b610
- SHA256
  
  91423704feab36526f26a0e356855dbbd7b40004344dac6ffb8469d8c638e281
- SHA512
  
  87e187f6546d6812a20c707e0f97baa7dcec09520a8cdf77f616f3121d47cb7322090d0ff905ca006e350409c316676876d0214101f38c6ef6f1360efb2e8d8b
- SSDEEP
  
  3072:dbaQL/EUvHbcOuAW3Lc1xgbLEpop46lvbnRPoG3UdBbp:dbarXcjfup46BbC5Bbp
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence