General

- Target: Server.exe
- Size: 93KB
- Sample: 250121-h6nfsasngl
- MD5: 25443271763910e38d74296d29f48071
- SHA1: 269a7dd9ff1d0076a65630715f5bd4600a33bb0d
- SHA256: 3bf2449588aaea6f7b7f984af24bd889ee438bb33d9331f5990ef9b6184695e8
- SHA512: 185d233076e4727bf1471f579e2fb56725e30a1f1d4b1f70c8da03d389f41d879eba3731f6daedb34edb8c073df90ca3c0df19362f7b174c72bd6a1251d67aea
- SSDEEP: 768:IY3zetD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3QsG7:jenOx6baIa9RPj00ljEwzGi1dDoDvgS
Behavioral tasks

- behavioral1: Sample Server.exe, Resource win7-20240729-en
- behavioral2: Sample Server.exe, Resource win10v2004-20241007-en
Malware Config (extracted)

- Family: njrat
- Version: 0.7d
- Botnet: HacKed
- C2: hakim32.ddns.net:2000
- C2: 6.tcp.eu.ngrok.io:15905
- Mutex: d8c4f4669aaf7e763f29c3228e3c660d
- Attributes:
  - reg_key: d8c4f4669aaf7e763f29c3228e3c660d
  - splitter: |'|'|
Targets

- Target: Server.exe
Signatures:

- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)