General
-
Target
ProtoSmasherV2.exe
-
Size
1.8MB
-
Sample
220825-p3672sdcbl
-
MD5
5d814d18b0ccfaf75449bbb9fbe8078d
-
SHA1
666529eb8b106afc28875913f8e7bcdcfdfeb932
-
SHA256
e7328c6e86adf5c959c8f3e63c06ab453bd0f959060a4f915f5654fc33a11c64
-
SHA512
2ae2ebac1f04b139aaf7ec30b0c7cf437e35bf06ddfcf97548160d872e051ec4df2100c1755ff32d95763b16532f3fb8e9e737bbf375379eab8a5c9937c40ce6
-
SSDEEP
49152:Z8e7D4Hh+6fMSitMdcNgCs1xnV+SR0juZ6XTV:n7rsqu3+LjO6V
Static task
static1
Behavioral task
behavioral1
Sample
ProtoSmasherV2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ProtoSmasherV2.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
im523
HacKed
73.182.242.123:2006
827283f359ec6b717ef8777833587855
-
reg_key
827283f359ec6b717ef8777833587855
-
splitter
|'|'|
Targets
-
Target
ProtoSmasherV2.exe
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-