General
-
Target
Anonfiles Search Engine v1.2 by CRYP70.exe
-
Size
923KB
-
Sample
230404-bhwc6adh4z
-
MD5
85615d32114184918dd41ede21a1c714
-
SHA1
65616774bdd84720680cbbd5a58b6a04cfbe7946
-
SHA256
a837aaa0366bf57c775270519937f1cc621c98aac8bfb1abab7a31cfa42e63c1
-
SHA512
4bf707a069e6410c2c84e7489fc0bf6c499ab4140c367ab411e01dfa7a6508adefd539dde612f01491e082ae5c3c6113a086a408e788141fad9a7a208fd1ef12
-
SSDEEP
12288:yZNna8JaL8d39HlfJS3Zae9h5Lg4/SEp3/RJPHqleuTyrb6YvirBjpOUREzLw2f+:W0odRlhbrBj0+EzLwW1T8HQ
Static task
static1
Behavioral task
behavioral1
Sample
Anonfiles Search Engine v1.2 by CRYP70.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Anonfiles Search Engine v1.2 by CRYP70.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
0.7d
HacKed
blog.hackcrack.io:8086
Windows Explorer
-
reg_key
Windows Explorer
-
splitter
|'|'|
Targets
Target
Anonfiles Search Engine v1.2 by CRYP70.exe
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-