njrat | bb556186e266aac14231760de2f201ae43d2dd86493a77c8969db5a8cffcf9d9 | Triage

Sharing

General

Target

Onetap V4 Crack.exe
Size

31KB
Sample

250120-m482xswmck
MD5

fa359eb48f6cb886b23fd201bca7ae96
SHA1

69e0c3c335f7b30fd6ed49170c291e3f66faa937
SHA256

bb556186e266aac14231760de2f201ae43d2dd86493a77c8969db5a8cffcf9d9
SHA512

49a5c631445d552cad5659026011217f27d783dac4fcee74498aff369cbf25f45e6cf3d36a4e7e378861a927cf3af92b39681238341781b71bf6f4efe479660a
SSDEEP

768:PtJEpBZhjzOzx5+R4s/Hu56HdAbiTinvanQmIDUu0ti5Ij:gD6uukAbiT6UQVkzj

Score

10^/10

njrat mybot discovery

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

127.0.0.1:6522

Mutex

1ab90c8a19380afc97a93a58dc6e336f

Attributes

reg_key
1ab90c8a19380afc97a93a58dc6e336f
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Onetap V4 Crack.exe
- Size
  
  31KB
- MD5
  
  fa359eb48f6cb886b23fd201bca7ae96
- SHA1
  
  69e0c3c335f7b30fd6ed49170c291e3f66faa937
- SHA256
  
  bb556186e266aac14231760de2f201ae43d2dd86493a77c8969db5a8cffcf9d9
- SHA512
  
  49a5c631445d552cad5659026011217f27d783dac4fcee74498aff369cbf25f45e6cf3d36a4e7e378861a927cf3af92b39681238341781b71bf6f4efe479660a
- SSDEEP
  
  768:PtJEpBZhjzOzx5+R4s/Hu56HdAbiTinvanQmIDUu0ti5Ij:gD6uukAbiT6UQVkzj
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1