General
-
Target
SecuriteInfo.com.MSIL.Dropper-ABP.10968.24361.exe
-
Size
272KB
-
Sample
250330-ypds1sxr18
-
MD5
3b196fd18fb71b5249c4d88ad469985b
-
SHA1
42c39449a01c6e5f069e837f85c9811677a1cd7b
-
SHA256
a20a139df9679bb179af6f1eb0edcb2fe89d4891daf6b0e0c5a35cf4dcea0210
-
SHA512
c7ad55ec8c9fc78eedef87f1d389619423302e458301c579a9d98025165509f95a093611b7b5915128a86fd3e398be35682d399555fd92423c0ca2b811cb7caf
-
SSDEEP
6144:lO6v9ukljUnrFHdBLE0PvIC3FnL0n9bOuJ/OE:lO6HA1bLhSOuJ
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.MSIL.Dropper-ABP.10968.24361.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.MSIL.Dropper-ABP.10968.24361.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.MSIL.Dropper-ABP.10968.24361.exe
-
Size
272KB
-
MD5
3b196fd18fb71b5249c4d88ad469985b
-
SHA1
42c39449a01c6e5f069e837f85c9811677a1cd7b
-
SHA256
a20a139df9679bb179af6f1eb0edcb2fe89d4891daf6b0e0c5a35cf4dcea0210
-
SHA512
c7ad55ec8c9fc78eedef87f1d389619423302e458301c579a9d98025165509f95a093611b7b5915128a86fd3e398be35682d399555fd92423c0ca2b811cb7caf
-
SSDEEP
6144:lO6v9ukljUnrFHdBLE0PvIC3FnL0n9bOuJ/OE:lO6HA1bLhSOuJ
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1