General
-
Target
babv.exe
-
Size
29KB
-
Sample
250328-vtq3csyyax
-
MD5
85e61aaafe402f7a04e793a53288a072
-
SHA1
e8d088224025f54c58fa11e8b9835fa7dfd3b9ff
-
SHA256
a7ae40544682a27bb1837c0c5d99f417bb4b8e8036e851529fe49a3d507a570b
-
SHA512
cbfd7413fa3373e4c947c35b9605c1dade7159de0990f0961eef2bc4e2dc5e06b2e8cef974f9ada76951732a74d715c84d22e58c7dd1a841eab0e3096cc36511
-
SSDEEP
384:tBs/hl7b1/JEI+GPWrb5hFEaemqD6CLeQTGBsbh0w4wlAokw9OhgOL1vYRGOZz/L:t47bXEI+GevhEsqdLe3BKh0p29SgR5d
Behavioral task
behavioral1
Sample
babv.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
babv.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
babv.exe
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral4
Sample
babv.exe
Resource
win11-20250313-en
Malware Config
Extracted
njrat
0.6.4
HacKed
195.88.218.126:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
babv.exe
-
Size
29KB
-
MD5
85e61aaafe402f7a04e793a53288a072
-
SHA1
e8d088224025f54c58fa11e8b9835fa7dfd3b9ff
-
SHA256
a7ae40544682a27bb1837c0c5d99f417bb4b8e8036e851529fe49a3d507a570b
-
SHA512
cbfd7413fa3373e4c947c35b9605c1dade7159de0990f0961eef2bc4e2dc5e06b2e8cef974f9ada76951732a74d715c84d22e58c7dd1a841eab0e3096cc36511
-
SSDEEP
384:tBs/hl7b1/JEI+GPWrb5hFEaemqD6CLeQTGBsbh0w4wlAokw9OhgOL1vYRGOZz/L:t47bXEI+GevhEsqdLe3BKh0p29SgR5d
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3