General
-
Target
Coupon PCS.exe
-
Size
109KB
-
Sample
230609-v9ghvsdf61
-
MD5
5d9009a66ca97bb1900075783b99061a
-
SHA1
f26b375c9f9eec08f89f70c49a4619e2ff2b3d60
-
SHA256
4f8fa6048e339e5d85e3c96e7a6c30957c0e897864e05ca9569788f9df23cf5e
-
SHA512
91cda021224010eb226d1bf9a60e87debf17313ba433b381c56172572fbbb2eca66929803b1213f7e0c3769308adf8ccf0db3fcc58fe5b05b3e7add76eb02690
-
SSDEEP
1536:s7f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfOgIxfH8SusWHHVN3ZSss:iliUPXC8k1nJrX+fNTBfeB5WHHYl
Static task
static1
Behavioral task
behavioral1
Sample
Coupon PCS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Coupon PCS.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
im523
GRIB35
89.3.24.168:50033
gribouillefr.ddns.net:50033
83c9a1eba2df735380c1cc2af0582208
-
reg_key
83c9a1eba2df735380c1cc2af0582208
-
splitter
|'|'|
Targets
-
Target
Coupon PCS.exe
-
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-