General
Target: Server.exe
Size: 93KB
Sample: 250114-3gcm7svpaj
MD5: a5fa678fb2f818a59368153c52c688f3
SHA1: b9576068c48b40576b9af787bba016904d47b5c5
SHA256: 9657e20a966d74430732e992d978b77e9b8eeb50b63a9b8242015f1a44f7f50f
SHA512: 1a0e1915377f8e6ab4381e5ed710a44197336eda8aa7dd9279ba8a928fe170ee0f874a55b61481f74c6c1c3a48ffadb8ae4efa2925fa9f691adaf56ab79ae385
SSDEEP: 1536:8VwC+xhUa9urgOBPmNvM4jEwzGi1dDiDc2gS:8VmUa9urgOkdGi1dMw
Behavioral task: behavioral1
Sample: Server.exe
Resource: win10ltsc2021-20250113-en
Malware Config (extracted)
Family: njrat
Version: 0.7d
Botnet: HacKed
C2: hakim32.ddns.net:2000
C2: hi-tin.gl.at.ply.gg:14413
Mutex: 861c24753d6fb8b3cf2df8aaf6877709
reg_key: 861c24753d6fb8b3cf2df8aaf6877709
splitter: |'|'|
Targets
Target: Server.exe
Size: 93KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above.)

Signatures
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)