General
-
Target
2025-07-02_e6f9ec45d3eccd3548de9c932535149b_elex_stop
-
Size
833KB
-
Sample
250702-xllh1s1jt3
-
MD5
e6f9ec45d3eccd3548de9c932535149b
-
SHA1
4fe7c9ae14e0e6b5b33c12d07a42bb9fb578bbf0
-
SHA256
77e8df4dc20ff4d8b15ff464061c71447e20c14a51ee6bf5344a11fddbc3c1c6
-
SHA512
cb41445b92b334e8c3614e3fd93bf3b039b33866f7deb8459209608a6e89735233bdeb77f84783d675cb1104e98d0a15ba11a174bb7441b6c752cb131da09960
-
SSDEEP
12288:jH7Wcjdc/r2sxxiPGGAOOPSXDV8ClgVYhX5FSslidHc5/DjREmVfvy47aSQ:jbCj2sObHtqQEdHcRDjCmVfq4ed
Static task
static1
Behavioral task
behavioral1
Sample
2025-07-02_e6f9ec45d3eccd3548de9c932535149b_elex_stop.exe
Resource
win10v2004-20250610-en
Behavioral task
behavioral2
Sample
2025-07-02_e6f9ec45d3eccd3548de9c932535149b_elex_stop.exe
Resource
win11-20250619-en
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
jjj
C2
youri.mooo.com:1605
Mutex
e936a10f968ac948cd351c9629dbd36d
-
reg_key
e936a10f968ac948cd351c9629dbd36d
-
splitter
|'|'|
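The extracted config gives the field separator (splitter), campaign name and C2 for this build, but nothing on the page shows how that traffic looks on the wire. The parser below is an added example written for this report, not code from the sandbox or from the malware: it reassembles njRAT-style frames ('<decimal length>' NUL '<payload>', fields joined with the splitter, as described in public njRAT analyses) across TCP segment boundaries and pulls the campaign id and hostname out of a check-in frame. The stream in SAMPLE_STREAM is constructed, not captured, and the 'll' field layout used in summarize() is an assumption taken from those public analyses.

```python
"""Frame and field parser for njRAT-style C2 traffic.

Added example for this report, not code from the sandbox or the malware.
Framing ('<decimal length>\\x00<payload>') and the fixed splitter between
fields follow public njRAT analyses; splitter, campaign name and version
are taken from the extracted config. SAMPLE_STREAM is constructed data.
"""
import base64
import binascii

SPLITTER = "|'|'|"      # 'splitter' from the extracted config
CAMPAIGN = "jjj"        # 'Botnet' / campaign id from the config
VERSION = "0.7d"        # 'Version' from the config

# Command words seen at the start of njRAT frames in public analyses (non-exhaustive).
KNOWN_COMMANDS = {"ll", "inf", "kl", "CAP", "rn", "un", "up", "Ex", "proc", "ret"}


def parse_stream(buf: bytes):
    """Split a byte stream into complete frames.

    Returns (frames, remainder). A frame whose declared length exceeds the data
    available is left in the remainder so the caller can append the next TCP
    segment and call again, instead of mis-parsing a frame split across segments.
    """
    frames, pos = [], 0
    while pos < len(buf):
        nul = buf.find(b"\x00", pos)
        if nul < 0:
            break                                   # length prefix not complete yet
        prefix = buf[pos:nul]
        if not prefix.isdigit():
            raise ValueError(f"non-numeric length prefix at offset {pos}: {prefix!r}")
        start, end = nul + 1, nul + 1 + int(prefix)
        if end > len(buf):
            break                                   # partial frame, keep for later
        frames.append(buf[start:end])
        pos = end
    return frames, buf[pos:]


def split_fields(frame: bytes):
    """Split one frame payload on the configured splitter."""
    return frame.decode("utf-8", errors="replace").split(SPLITTER)


def try_b64(value: str):
    """njRAT base64-encodes some text fields (hostname, window title); return the
    decoded text when the field is valid base64, otherwise the raw value."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return value


def summarize(frame: bytes):
    """Command word, whether it is a known njRAT command, and for 'll' (check-in)
    frames the campaign prefix of the victim id and the decoded hostname."""
    fields = split_fields(frame)
    cmd = fields[0]
    info = {"command": cmd, "known": cmd in KNOWN_COMMANDS, "field_count": len(fields)}
    if cmd == "ll" and len(fields) > 2:
        # Assumed 'll' layout (public analyses): victim id is '<campaign>_<volume serial>',
        # followed by the base64-encoded hostname.
        info["campaign"] = fields[1].split("_", 1)[0]
        info["hostname"] = try_b64(fields[2])
    return info


def build_frame(fields):
    """Encode fields into one njRAT-style frame (used here only to build sample data)."""
    payload = SPLITTER.join(fields).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


# Constructed sample: a check-in frame, a short command frame, and the start of a
# third frame cut by a TCP segment boundary (declares 12 bytes, only 11 present).
SAMPLE_STREAM = (
    build_frame(["ll", f"{CAMPAIGN}_1A2B3C4D",
                 base64.b64encode(b"DESKTOP-TEST").decode(), "victim", "25-07-02",
                 "", "Win 10 Pro", "No", VERSION])
    + build_frame(["inf"])
    + b"12\x00kl" + SPLITTER.encode() + b"part"
)


if __name__ == "__main__":
    frames, rest = parse_stream(SAMPLE_STREAM)
    for f in frames:
        print(summarize(f))
    print("buffered partial frame:", rest)
```

Feeding the remainder back into parse_stream() together with the next segment completes the cut frame; a detector that splits on the splitter without honouring the length prefix would instead see the tail of one frame glued to the head of the next.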
Targets
-
-
Target
2025-07-02_e6f9ec45d3eccd3548de9c932535149b_elex_stop
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
Rewriting another thread's context, typically after writing a payload into a suspended process, is characteristic of process hollowing and related injection; it is consistent with an AutoIT wrapper handing off to an in-memory njRAT payload.
-
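The signatures above ('Adds Run key to start application', 'Modifies Windows Firewall') and the C2 host from the config translate directly into host-side hunts. The script below is an added example written for this report, not sandbox or vendor code: it runs those checks over Sysmon-style events. The event records are constructed in a Winlogbeat-like flattened JSON shape; the field names (event_id, target_object, command_line, query_name, image) and the dropped-file path are assumptions, and the 'netsh firewall add allowedprogram' pattern is the command form njRAT is known for from public analyses, not something the page quotes.

```python
"""Hunt for this sample's host indicators in Sysmon-style event logs.

Added example for this report, not sandbox or vendor code. REG_KEY and C2_HOST
come from the extracted config; the events in SAMPLE_LOG are constructed, and
the flattened field names are assumptions about the log pipeline.
"""
import json
import re

REG_KEY = "e936a10f968ac948cd351c9629dbd36d"   # Run value name (and mutex) from the config
C2_HOST = "youri.mooo.com"                       # C2 hostname from the config

# Run value carrying the sample's name under either hive (HKU\<sid> or HKLM).
RUN_VALUE_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" + re.escape(REG_KEY) + r"$",
    re.IGNORECASE,
)
# 'netsh firewall add allowedprogram ...' (form known from njRAT) or an advfirewall rule add.
NETSH_FW_RE = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)\b",
    re.IGNORECASE,
)


def check_event(ev: dict) -> list:
    """Return the indicator names matched by one flattened Sysmon event."""
    hits = []
    eid = ev.get("event_id")
    if eid == 13 and RUN_VALUE_RE.search(ev.get("target_object", "")):
        hits.append("run_key_persistence")          # 'Adds Run key to start application'
    if eid == 1 and NETSH_FW_RE.search(ev.get("command_line", "")):
        hits.append("netsh_firewall_change")        # 'Modifies Windows Firewall'
    if eid == 22 and ev.get("query_name", "").lower().rstrip(".") == C2_HOST:
        hits.append("c2_dns_lookup")                # resolution of the configured C2
    return hits


def hunt(log_lines):
    """Parse JSON lines and return (indicator, image, event_id) tuples; blank or
    malformed lines are skipped rather than aborting the sweep."""
    findings = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        for hit in check_event(ev):
            findings.append((hit, ev.get("image", ""), ev.get("event_id")))
    return findings


# Constructed events: three matching this sample's reported behaviour, two benign.
# The path C:\Users\user\AppData\Roaming\server.exe is made up for the example.
SAMPLE_LOG = r'''
{"event_id": 1, "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd /c dir"}
{"event_id": 13, "image": "C:\\Users\\user\\AppData\\Roaming\\server.exe", "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\e936a10f968ac948cd351c9629dbd36d"}
{"event_id": 1, "image": "C:\\Windows\\System32\\netsh.exe", "command_line": "netsh firewall add allowedprogram \"C:\\Users\\user\\AppData\\Roaming\\server.exe\" \"server.exe\" ENABLE"}
{"event_id": 22, "image": "C:\\Users\\user\\AppData\\Roaming\\server.exe", "query_name": "youri.mooo.com"}
{"event_id": 13, "image": "C:\\Windows\\explorer.exe", "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"}
'''


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG.splitlines()):
        print(finding)
```

The Run-value check keys on the value name rather than the dropped file name because njRAT builds that name from its config, so it survives a rename of the payload; the DNS check strips a trailing dot so FQDN-style logging still matches.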
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution > Registry Run Keys / Startup Folder (1)
Create or Modify System Process > Windows Service (1)
Event Triggered Execution > Netsh Helper DLL (1)
Scheduled Task/Job > Scheduled Task (1)
Privilege Escalation
Boot or Logon Autostart Execution > Registry Run Keys / Startup Folder (1)
Create or Modify System Process > Windows Service (1)
Event Triggered Execution > Netsh Helper DLL (1)
Scheduled Task/Job > Scheduled Task (1)
Defense Evasion
Impair Defenses > Disable or Modify System Firewall (1)
Modify Registry (1)
Subvert Trust Controls > SIP and Trust Provider Hijacking (1)