imminent | 271319b95a4992827b8aa1aef16e9d4bf3074e7e3444c7947881fd2ba4cdb8a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

Morpheus Crypter.exe

windows10-2004-x64

Resubmissions

04-06-2023 23:32

230604-3jsr7seb32 8

04-06-2023 23:15

230604-28kmfsef4y 10

04-06-2023 23:14

230604-2757rsea95 3

04-06-2023 23:14

230604-27zpzsea94 3

04-06-2023 23:11

230604-26dfcsea88 7

Sharing

General

Target

Morpheus Crypter.zip
Size

1.0MB
Sample

230604-28kmfsef4y
MD5

d2061d06219385c6b96b25bf1a099c4c
SHA1

160a5b7c91b771adcb54d83b7a1a424bfddc9662
SHA256

271319b95a4992827b8aa1aef16e9d4bf3074e7e3444c7947881fd2ba4cdb8a0
SHA512

e5cf8ac1625fec16fe2a57ca7b8a57c5e0083ffb556f942f30a8a30b709e282e756fe12f144d7e6f9a1be45c5ceee4387e6dd3cbe4146627fb4a1a36449d7185
SSDEEP

24576:Ed09OIibo0I+CXaRTBdUcnUm9S09zlxRS8LZ/O/Xq:f97ibBd5nU+Umw0rx48JO/6

Score

10^/10

imminent njrat hacked evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Morpheus Crypter.exe

Resource

win10v2004-20230220-en

imminent njrat hacked evasion persistence spyware stealer trojan

windows10-2004-x64

29 signatures

1800 seconds

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

165d6ed988ac1dbec1627a1ca9899d84

Attributes

reg_key
165d6ed988ac1dbec1627a1ca9899d84
splitter
|'|'|

Targets

- Target
  
  Morpheus Crypter.exe
- Size
  
  1.4MB
- MD5
  
  1aa43e7d7e2e812792f06312db0757d8
- SHA1
  
  606a3060aac710287dd02b36b2999fecb9e67932
- SHA256
  
  894041eeb6bf1a9b30e3492c7effef36c7e7fe4c6369f52893ccf12cd01362ff
- SHA512
  
  8c148a5627e57e89209c17c96377d74130f3f780008830e0ecf75cff4666701d0521c8f3bcefd44148d564fc26f56ff39e794863d54af899fdcf935dea713121
- SSDEEP
  
  24576:ovtzecScg7UdHaebuoXlXNPiCXaRt1CGgJs3bO0Yts0POvlNQFfokUolc8VB/w/c:6tUEaSsf1LgJue0l8/w/c
Score

10^/10

imminent njrat hacked evasion persistence spyware stealer trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops Chrome extension
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentnjrathackedevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy