General

  • Target

    ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122_Sigmanly

  • Size

    93KB

  • Sample

    241226-mqnttstjgz

  • MD5

    4951d592fac59ef8005596d2af5d116b

  • SHA1

    536ab7195afefb6c8947a86b10adb8d0461f7115

  • SHA256

    ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122

  • SHA512

    3f551f1b653764dae9d75dbdf764389786a6004ef2c49f3c7ba81bb4412adc7c8c3315649e4c5a8f970b3f185f67e6f04bacf1264f233225511d45cb75d20ff1

  • SSDEEP

    1536:ZYduiuNTXfL/AJbZNljEwzGi1dDFDugS:ZYdaTXfL/AhzSi1dJT

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

company-telecom.gl.at.ply.gg:42876

Mutex

445c7762b8f06a76352fcac2e22df159

Attributes
  • reg_key

    445c7762b8f06a76352fcac2e22df159

  • splitter

    |'|'|

Targets

    • Target

      ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122_Sigmanly

    • Size

      93KB

    • MD5

      4951d592fac59ef8005596d2af5d116b

    • SHA1

      536ab7195afefb6c8947a86b10adb8d0461f7115

    • SHA256

      ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122

    • SHA512

      3f551f1b653764dae9d75dbdf764389786a6004ef2c49f3c7ba81bb4412adc7c8c3315649e4c5a8f970b3f185f67e6f04bacf1264f233225511d45cb75d20ff1

    • SSDEEP

      1536:ZYduiuNTXfL/AJbZNljEwzGi1dDFDugS:ZYdaTXfL/AhzSi1dJT

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks